branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
193.142.147.11200 OK 2.4 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (702), with CRLF line terminators
Hash eb746db886f3449bc6e0b18d40d749ed
b0c5f3fc338182d4f507748736eacdd1e6f1efe1
bac929be7f9d2693901ed4a2e334aa840a3a69e2bf788659b8747f7ba30f6993
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
suricata high ET PHISHING Spox Phish Kit Landing Page 2022-07-05
GET /login.php HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:35 GMT
Server: Apache/2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l; path=/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2376
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9753
Expires: Fri, 30 Dec 2022 09:07:08 GMT
Date: Fri, 30 Dec 2022 06:24:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6791
Expires: Fri, 30 Dec 2022 08:17:46 GMT
Date: Fri, 30 Dec 2022 06:24:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 05:35:32 GMT
content-type: application/json
age: 2943
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 428881081ad357fb55af33ebf9d12c16
29b7be72f76da07db4a03fb1bc57ffe16d520a22
9adff7f91b147b0d93166bc4ece0dd31fd19fd8b2c269a6a596a1e902f49a1fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ADFF7F91B147B0D93166BC4ECE0DD31FD19FD8B2C269A6A596A1E902F49A1FE"
Last-Modified: Wed, 28 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10337
Expires: Fri, 30 Dec 2022 09:16:52 GMT
Date: Fri, 30 Dec 2022 06:24:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WIgbto7hPKCyGrA3NyUW/Niyjpe59XHYlmMtNddT2/e8MeMvlTbQniZydBNKf4s2qeFDeHoAcdA=
x-amz-request-id: B860GS2R71B742BX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 05:59:03 GMT
age: 1532
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
142.250.74.42200 OK 33 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Dec 2022 08:29:09 GMT
Expires: Fri, 29 Dec 2023 08:29:09 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 78926
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
104.17.25.14200 OK 9.4 kB URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (29177)
Hash c77a126f5a1763cba1f40df808bd670b
1aaf935d5c9605b268d982c7b43b4435b6c78b11
09a2aac74dd63101eff013af9178b8d90696a198232a129a41a1e43aa54551d1
GET /ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 9423
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec2-72c7"
Last-Modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 145801
Expires: Wed, 20 Dec 2023 06:24:36 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YLVBxWcXCxQPLxlHzIjTjgMHlvczB8WjewOWLBJ1BXznt1Nsx30u4IzlUaOyiAAwIu8xDE3AvWgxMTNtV8AVP3dpXpvVkwp3kMVCJvXFh1HYlGJNAuVymWZPDqo5JVL%2Fo833qxW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7818b1810c2bb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 06:24:35 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/logon.css
193.142.147.11200 OK 16 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/logon.css
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type ASCII text, with very long lines (65536), with no line terminators
Hash 618bd07cb538045b93d022e78eceee72
67653186807880c14406311062f3802cbb5a29cc
83f4fcbebd9c52267f02866021ce0216f585e536fbd89bd747e30f3bf8d052cf
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/logon.css HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:35 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "1ba2e-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 16328
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/css
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/login.css
193.142.147.11200 OK 1.6 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/login.css
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type ASCII text, with very long lines (1856), with CRLF line terminators
Hash c289b2efc09e8671b50a9b0d2a68cfdf
57e8425b973a7548bd0582b74b7d3085bb6c1af5
1f5f147bed0fcb8388d01046c9f1a85ec27cf78a04848b9d3568281183283068
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/login.css HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "3132-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 1576
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9470f5c8a231f657a6f7d935a4946cc
d301aea9a620161d224ca417d4483b19edc43895
9244d582f8e01055e71e13468b4ca7cbce79556e968696885348219ba5066424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 06:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.42200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (65451)
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Dec 2022 11:09:21 GMT
expires: Wed, 27 Dec 2023 11:09:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 242115
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/blue-ui2.css
193.142.147.11200 OK 62 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/blue-ui2.css
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type ASCII text, with very long lines (65532), with CRLF line terminators
Hash 796dcdd3ccc66e8ff69992d578311239
a9ec40637e5be7449fd69e9ff8a023a5134b0b6c
c07e7ef29cc67db74ad5db919c61daff2835a359b9ccccc100ea9eb994ed8851
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/blue-ui2.css HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "781e1-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9470f5c8a231f657a6f7d935a4946cc
d301aea9a620161d224ca417d4483b19edc43895
9244d582f8e01055e71e13468b4ca7cbce79556e968696885348219ba5066424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 06:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/dashboard.css
193.142.147.11200 OK 214 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/dashboard.css
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type ASCII text, with very long lines (65536), with no line terminators
Size 214 kB (213800 bytes)
Hash 648541c553815b69190deed4b35461ef
2f43d42f827b71bb0792aca1d7a0ffd190da1c6e
cc04d11d14e5c1988c5d5c878bf31f40f27d7be3703883cbb7df3634955ba153
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/dashboard.css HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "1d3ad5-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/blue-ui.css
193.142.147.11200 OK 53 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/blue-ui.css
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type ASCII text, with very long lines (65536), with no line terminators
Hash f9fdc3a60629e3e17f1dbd12387c3acc
f3568a5a139fd44b103f987a92147621ad24683b
541d313f599632d4529ad0977bc4d2a26508cb1a1964e75a5bf473892ad0121e
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/blue-ui.css HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/dashboard.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "6898b-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 52949
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 05:33:31 GMT
age: 3065
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js
104.17.25.14200 OK 765 B URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (1294)
Hash ac199842c5e81e3e31d3c7526dd58a83
04a14d7f565adcbb606353c6a169f2b0dcf73754
87b5d0c1b44a285f0f5f3d99f8de4ec6ef72a3fc7136195ff9f5129984a8adfe
GET /ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 765
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec2-5dc"
Last-Modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 20 Dec 2023 06:24:36 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cf1xtOktm19VE%2BtfWh3PV63xLpptHUs3uHfay4CkyQd8argesPtI3AOXccjEifdhH7UFbqqEfBO%2FwG2ICG3ciX%2BNsnSMQe4Nd34P78B2WnmO1RdFuqpv8LEgfOaS9OciHzelVW2x"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7818b183adb1b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/wordmark-white.svg
193.142.147.11200 OK 645 B URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/wordmark-white.svg
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash d9f9bf9d31b5f774a174920f02af0cbd
32207860ceec665b5e3e43cb93964942d8c95494
152fa82655f284db8ec59d3a30631f9ebdb0e2ef44e94801d0a569881f39f956
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/img/wordmark-white.svg HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/logon.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "581-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 645
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/background.desktop.night.12.jpeg
193.142.147.11200 OK 187 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/background.desktop.night.12.jpeg
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 187 kB (187031 bytes)
Hash ea18a7bc097d50f19da32e98f80a36ac
f89ad5f1b633e545fdd985f2f0c819ed5d9a1bf7
9b92c0a5ed030335751624ba19a830c8182ef2b82a33c408154d5f71d2ec2e69
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/img/background.desktop.night.12.jpeg HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/login.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 29 Feb 2020 04:18:48 GMT
ETag: "2da97-59faf4027da00"
Accept-Ranges: bytes
Content-Length: 187031
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/opensans-regular.woff
193.142.147.11200 OK 25 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/opensans-regular.woff
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type Web Open Font Format, TrueType, length 24876, version 1.0\012- data
Hash 4eeedb4bc24c1cae309e117eea3f102f
ad5a141ef39ad1ada22a464fcd3678fcf72ac22b
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/fonts/opensans-regular.woff HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/login.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "612c-59f2da79d4580"
Accept-Ranges: bytes
Content-Length: 24876
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-font-woff
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/dcefont.woff
193.142.147.11200 OK 53 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/dcefont.woff
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type Web Open Font Format, TrueType, length 52572, version 1.0\012- data
Hash 246d7cde27d09b7212e3528b6323cef7
45043cf1de108bb0dd2ecaf98d6467f43c25624d
d53f74cb74bb7738f0fa226ead6ddd70a5de9cc9d6ee48034fc2d1f8204aceb4
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/fonts/dcefont.woff HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/blue-ui.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "cd5c-59f2da79d4580"
Accept-Ranges: bytes
Content-Length: 52572
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: application/x-font-woff
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/opensans-semibold.woff
193.142.147.11200 OK 25 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/fonts/opensans-semibold.woff
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type Web Open Font Format, TrueType, length 25108, version 1.0\012- data
Hash 33b58dcbc5aa1ae12fa76473c21ffe44
82a3345756101d0f95fe1dab285e9f9c4e79871f
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/css/fonts/opensans-semibold.woff HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/css/login.css
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "6214-59f2da79d4580"
Accept-Ranges: bytes
Content-Length: 25108
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-font-woff
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5467
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 06:24:36 GMT
Last-Modified: Fri, 30 Dec 2022 04:53:29 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/chase-touch-icon-152x152.png
193.142.147.11200 OK 3.3 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/chase-touch-icon-152x152.png
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data
Hash c914a8a86590b23691476a4178ea3a52
af16ec4fc3b5446cac17ec8f0044286b835d3295
f3446f452fc926c9182a2a43780faa169e533df8446d4f9a5f62ac2fb5b375e6
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/img/chase-touch-icon-152x152.png HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "cea-59f2da79d4580"
Accept-Ranges: bytes
Content-Length: 3306
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: image/png
branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/chasefavicon.ico
193.142.147.11200 OK 2.5 kB URL HTTP/1.1 branch-helpdesk-manhattan-jpmorgan.itsaol.com/Crax/Files/img/chasefavicon.ico
IP 193.142.147.11:0
ASN #53356 FREE RANGE CLOUD
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash af845ef020447308e234adc394188b88
aa7d30726dae96bfaa1cc5d346ee972a8a274f65
6c3377e59243258658657f4c0b960e7cfe4ee83b14b08faad40a4cb42d53058a
Analyzer Verdict Alert urlquery phishing Phishing - Chase
urlquery phishing Phishing - Chase
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
GET /Crax/Files/img/chasefavicon.ico HTTP/1.1
Host: branch-helpdesk-manhattan-jpmorgan.itsaol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://branch-helpdesk-manhattan-jpmorgan.itsaol.com/login.php
Cookie: PHPSESSID=pvhm5tkerccusin7tgcmkce77l
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 06:24:36 GMT
Server: Apache/2
Last-Modified: Sat, 22 Feb 2020 17:41:58 GMT
ETag: "7d26-59f2da79d4580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2460
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/x-icon
push.services.mozilla.com/
54.149.149.164101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fMjSwmB56EwI3l7+38KhPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lbez3W5hvelxekAv2zmefqXhRUY=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9867
Expires: Fri, 30 Dec 2022 09:09:05 GMT
Date: Fri, 30 Dec 2022 06:24:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9867
Expires: Fri, 30 Dec 2022 09:09:05 GMT
Date: Fri, 30 Dec 2022 06:24:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9867
Expires: Fri, 30 Dec 2022 09:09:05 GMT
Date: Fri, 30 Dec 2022 06:24:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ebe131c7787411178a93d045ba57b5a
40b601b6ad3a3d7738b5b55777981598f4dc0519
68ea133b346bd1f76cd7b4dcf5023d8f987935dff380bacec73dec957effb97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11516
x-amzn-requestid: e4e9ceeb-b2e5-454f-9550-d412fc0be82a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7aRLGuqoAMF3JA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0a6d-6ed43b46144121dc2dd7db2f;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:45:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k0PrvFSOqoZYQXx_0QjokoJbSVcXMpPcLFw2qrfQvyvegLMw4rghTA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:16:26 GMT
age: 29292
etag: "40b601b6ad3a3d7738b5b55777981598f4dc0519"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51e07c8cb6d9597f35747f86d066ceb0
f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c
ae483370712700a1126be780f0684edbf5d5d9012f611a673b8ad32b49bedae5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12128
x-amzn-requestid: 57e64ee7-4792-4240-b6ef-70d65d057136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZTTExLIAMF-Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e1-377fb669207833c413b92cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GJX-uBJ3LpYYXbhvc1rpA5KinXAgkweLQOTj3b6PEwuQs4O7IyRxaQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:50:07 GMT
age: 30871
etag: "f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 04ff669d78aa3b124777ed831dd75388
25a931a0c81b4cba304a1fd5c16c22fae2d1406b
df6dd60216b8005bece1f984af8ec5d857e04071c381f6ded1573ecb21c2d94a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6372
x-amzn-requestid: 786cf1ca-9de6-4cd4-a40a-b62416a26067
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d50u0FQ7IAMF6yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad67f8-17a9bd6f4b0c0650384658d1;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 10:12:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9wW3gzhy4lD6BDNI_dcrEK2nQYusAiK9Z2hsapn7uEFKq9F3ZzDsNg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Dec 2022 05:15:45 GMT
age: 47911
etag: "25a931a0c81b4cba304a1fd5c16c22fae2d1406b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c0d5fb3791917c41549447f9de79803
1b2c18e9474133539ec54b2e77112256aefadda8
f81084ebe03cff7659902d1afdd44c0f95ecffa96b880550b6a0b51191348222
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8071
x-amzn-requestid: 0085b429-3682-43ad-a47b-be03cbe32c53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7Zx1FOfoAMF-DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae09a5-450206562924e25e363b1ccc;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:41:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S_FfIgQU5dbZ4B8xhnYGgKIWaZ03PUrzbD5qdV7ASZegKf6TWwpAgw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:29:29 GMT
age: 28509
etag: "1b2c18e9474133539ec54b2e77112256aefadda8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d1857128ab6a237e6854c7a3532b51
702ab1eb38be637f012e1454201b9a7561c29081
48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YyIKd_GHAixWYqzjn0XD2Jwal3Jt62L90StfgPkCkJWU3RQml-u6oA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:39 GMT
age: 30179
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c2c002a-1bb0-4068-ae8d-1a6084d25882.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c2c002a-1bb0-4068-ae8d-1a6084d25882.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c46e1bef88888c696a5b738cda36c3
f141945c937c6451e3755c50bc667eb4402323fa
9865b30f08ece1260d104efc43adfd7d0b0838a1d9943064cad0660c44cb7794
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c2c002a-1bb0-4068-ae8d-1a6084d25882.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7603
x-amzn-requestid: 8b237071-10d4-4e2b-9300-2b3d3f63c6ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZTTGtlIAMFaRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e1-21bcb7db243cb5fc6598342e;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: l2NXwUwBWNuIhyY3Xr6bWp77AlT8TULAVey2eLz9DM8dUshgAIci9g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:51:19 GMT
age: 30799
etag: "f141945c937c6451e3755c50bc667eb4402323fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5df739293f8846ba42b9ee2748ddec0
8ae554e7a9944145b58cdf14433e382e0b09d417
2a2bbd6219432e6a451838ca1266972fb412190fbf1c96351f3f0372143eea2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9748
x-amzn-requestid: 06f61fb6-c474-4c29-8e2a-3c94086c0a96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZmOG9DoAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae095a-731b23c915809aba62afd050;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:40:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KjGfhkZcBsccQksbbE0udUABqQ-3whKNn_2vVln0AVvrd-Uwas_O6w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:37 GMT
age: 30188
etag: "8ae554e7a9944145b58cdf14433e382e0b09d417"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2