| r3.o.lencr.org/ |  23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash048cda18c6dbe7c4e4b106f5e1104b0a 1bd6f3367ccf446263b00ad8c1ece15a4164730b 66a680d9b8e454db94e14d2c4a466891e538b2d83ccee0dc65be62163992b4e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66A680D9B8E454DB94E14D2C4A466891E538B2D83CCEE0DC65BE62163992B4E0"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2673
Expires: Wed, 21 Dec 2022 19:51:32 GMT
Date: Wed, 21 Dec 2022 19:06:59 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashb8fbcd7ca1a893d05677318a8a198e7a 0851654c21f6e3741887e7deab8098c1dc56f33c edbade5913ace2fcbb932922e9af69acb2e8759474a2eeaec216307247fea361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDBADE5913ACE2FCBB932922E9AF69ACB2E8759474A2EEAEC216307247FEA361"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12229
Expires: Wed, 21 Dec 2022 22:30:48 GMT
Date: Wed, 21 Dec 2022 19:06:59 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ |  35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashff250d3ef3fa45322bf05039a0122a9f b3e7a2c383bce1bab807dbe1a03c375258b51f1d d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 21 Dec 2022 18:45:56 GMT
content-type: application/json
age: 1263
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash32167242c3bbe7e45a2a865279df94a6 d03436f418ff77d50a553daa892c05e0725ba908 d5578d537296da18f3f349a98465e9fe930dca60a8ed62c183e9c9f6eb53f493
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5578D537296DA18F3F349A98465E9FE930DCA60A8ED62C183E9C9F6EB53F493"
Last-Modified: Wed, 21 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18753
Expires: Thu, 22 Dec 2022 00:19:32 GMT
Date: Wed, 21 Dec 2022 19:06:59 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashb1fcd419a4245617397846e8d17233f6 2a037ce244587640b27ead9a0ec2af4f862d91b2 e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VpTNHzbDlRzTAjXGJEPQxtl0kxpixbtIvHl3SSvlqV/OrXyVDPCSiBdaMROOd4at7aM3A2SX6lE=
x-amz-request-id: ZHWCKCCKTKQFXHGQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Dec 2022 18:53:19 GMT
age: 820
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:06:59 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 21 Dec 2022 18:08:02 GMT
age: 3538
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash859d899d982bb69df5fb16b8393fa119 580215f1d4f81cda04012c0889cfd9b18ba11863 38159dd549e94d45798b614efa5f968de7b74830c845220d1b6c1435f3940a94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: max-age=143017
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 19:07:00 GMT
Etag: "63a2ccaa-1d7"
Expires: Fri, 23 Dec 2022 10:50:37 GMT
Last-Modified: Wed, 21 Dec 2022 09:06:50 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
|
|
| push.services.mozilla.com/ | 54.186.209.73 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.186.209.73:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4eVmxCNlM6++FeQh9Xmg7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: K1Zb1PdN+KHa+BNp2KG38AWaPzY=
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdb151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20838
Expires: Thu, 22 Dec 2022 00:54:19 GMT
Date: Wed, 21 Dec 2022 19:07:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdb151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20838
Expires: Thu, 22 Dec 2022 00:54:19 GMT
Date: Wed, 21 Dec 2022 19:07:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdb151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20838
Expires: Thu, 22 Dec 2022 00:54:19 GMT
Date: Wed, 21 Dec 2022 19:07:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdb151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20838
Expires: Thu, 22 Dec 2022 00:54:19 GMT
Date: Wed, 21 Dec 2022 19:07:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdb151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20838
Expires: Thu, 22 Dec 2022 00:54:19 GMT
Date: Wed, 21 Dec 2022 19:07:01 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg | 34.120.237.76 | 200 OK | 9.1 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash3bd6359db3b908389343275ee839466b 9094f8e9275252a8e9d5e65fd3e87851b2f80bd7 7380590a93f8a21907c39ddce2f51c599161f219522df4099e9c1a82bcd1e40e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9069
x-amzn-requestid: 103b5caf-fa82-4d66-97e6-99c77027f759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DG_hoAMFoKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-1a4accb80dbf5e9f2f696c85;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D8V_RlBCxL1RHxtCyWkX7_IsCCrOdv2o1Wdic0N_aUz0qguhANp88A==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:22 GMT
age: 77379
etag: "9094f8e9275252a8e9d5e65fd3e87851b2f80bd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashb67d0976563ea9460d94e27ff920f9da f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92 c7ec3c4b87b700796008690562a6033481a7ad826fb2f45875cd6add06189568
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10154
x-amzn-requestid: f317432b-7dda-439b-bc02-9c76412e9de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DGlfoAMF5Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-13a5af4c477a1019544222f4;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hmIpamyZaOLQ8eQrYQBFhpOuRUVo-QDZJHVaPq0Pv7FGpRMIOTAOmw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 3bb2b699cd244bf37141ea08a6a61732.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:54:39 GMT
age: 76342
etag: "f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg | 34.120.237.76 | 200 OK | 9.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8f5b2e482a0944dfc0de3a69659fa002 64dd897d9163a6eceadc0c5460cdd135d323abb3 feb1a63a27859b88257d50c3c8723131978fd1f363a6f9e1297b91549b4aed9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 981a0010-ec53-4659-818b-4cfa39fa8cd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuhqGUbIAMF_QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e0a-65b084547c4d2b4414236f84;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:02:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -AR7jIQqHV2XWDLH1W7rybyRGcDQ4oSGQsneAScw7MHK3nwjYYkjWg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:05:45 GMT
age: 43276
etag: "64dd897d9163a6eceadc0c5460cdd135d323abb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc7ac0b5738bab6b4ed770c26ca922250 e56fd4ee2f5354a54a6271db2be528f98eecd3d7 5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFtrPmVeBdwlINxF0wQq0671EksYsi6nsyFd5E4SCSH4_bQyGaNQHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:54:35 GMT
age: 40346
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashd4aa7e9e3fe28e9c401786f7415171f7 8482a47175ff105957d640269bc14ee1fbc97448 2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MiX_AJgXGldkYjkeHO1OUPzraljox6v7B1M54cJPBdmfUZ7QETowOw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:55:36 GMT
age: 76285
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa02d8232-1c91-401a-912a-46f6c668862e.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa02d8232-1c91-401a-912a-46f6c668862e.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8218fde73bff9978e07b0e06e1f7f0fb ab15f8d74ea032d89f65603b4eef2377dc97e358 134d5a1046ea50f37f0234a4d1d167130b2950a1d61e93e2340dccbc922b4844
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa02d8232-1c91-401a-912a-46f6c668862e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9493
x-amzn-requestid: 54028261-e98d-4bb6-98da-51d41edc6d2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da61jElIIAMFl8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10b56-7eeb3b142dd3d0f92e9fa9ba;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 01:09:42 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: oXQy1PwLBW8u0kv_sHcypb8QB6xwLtYMy4eWRZVQaD2xYjpw2dGA3A==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 f3ac324bf05099849ebda59e8136db0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 05:58:46 GMT
age: 47295
etag: "ab15f8d74ea032d89f65603b4eef2377dc97e358"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/ | 167.160.188.147 | 301 Moved Permanently | 162 B |
URL HTTP/1.1www.ekl-co-jp.ekilnet.lkqlua.top/ IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | quad9 | Sinkholed | |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to a *.top domain |
GET / HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 21 Dec 2022 19:07:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.ekl-co-jp.ekilnet.lkqlua.top/
Strict-Transport-Security: max-age=31536000
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashb731684b2d372e3fea4faa43a82cfa2b fea25a603c6670797db73dcda47bb1978b2e1088 38ee529795007edcfe8ea825abcdc89616b1c46353702e4dd676445ea669711f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38EE529795007EDCFE8EA825ABCDC89616B1C46353702E4DD676445EA669711F"
Last-Modified: Wed, 21 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20742
Expires: Thu, 22 Dec 2022 00:52:45 GMT
Date: Wed, 21 Dec 2022 19:07:03 GMT
Connection: keep-alive
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/load_font.css | 167.160.188.147 | 200 OK | 786 B |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/load_font.css IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typeUnicode text, UTF-8 (with BOM) text, with CRLF line terminators Hashe5e9c29d3e29a70eac9e75c8ff33c1e0 02989c93ef00ae8fe0c1e4a0e684888032ac614c 5a747edf977ecc4f35d6773d5407ce5df4365444ddac17d596a724e5b69e791e
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/css/load_font.css HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: text/css
content-length: 786
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-312"
expires: Thu, 22 Dec 2022 07:07:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/logo_ekinet.png | 167.160.188.147 | 200 OK | 7.5 kB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/logo_ekinet.png IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typePNG image data, 186 x 52, 8-bit/color RGBA, non-interlaced\012- data Hash993c5429eae331230c45b6c12fa1cf01 bf068822793fab34c4c84dbfea9442f94ac69e4e 3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/images/logo_ekinet.png HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: image/png
content-length: 7480
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-1d38"
expires: Fri, 20 Jan 2023 19:07:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/logo_jreast.png | 167.160.188.147 | 200 OK | 2.9 kB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/logo_jreast.png IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typePNG image data, 88 x 68, 8-bit/color RGBA, non-interlaced\012- data Hash5dc3fb68ca54c0446848c5786df4063c a459d4dddd3b2c788883ef9d07add9640a49330b ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/images/logo_jreast.png HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: image/png
content-length: 2909
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-b5d"
expires: Fri, 20 Jan 2023 19:07:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_input_ok.png | 167.160.188.147 | 200 OK | 3.2 kB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_input_ok.png IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typePNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data Hasha4a91639d8d3d804985fef75e1fbb4cc 152f6d800881c85bdce965cf204856d954d74bec d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/images/icon_input_ok.png HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: image/png
content-length: 3229
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-c9d"
expires: Fri, 20 Jan 2023 19:07:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_linkblank.png | 167.160.188.147 | 200 OK | 166 B |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_linkblank.png IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typePNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data Hash73c445fe98114a16d3d453a359f24e48 5a987bf2d56d11b069d788d512f869431566b5bc e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/images/icon_linkblank.png HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: image/png
content-length: 166
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-a6"
expires: Fri, 20 Jan 2023 19:07:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_linkblank-1.png | 167.160.188.147 | 200 OK | 166 B |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/images/icon_linkblank-1.png IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
File typePNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data Hash73c445fe98114a16d3d453a359f24e48 5a987bf2d56d11b069d788d512f869431566b5bc e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - East Japan Railway Company | | urlquery | phishing | Phishing - East Japan Railway Company | | openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/images/icon_linkblank-1.png HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: image/png
content-length: 166
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "6342c2f0-a6"
expires: Fri, 20 Jan 2023 19:07:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/ | 167.160.188.147 | 200 OK | 22 kB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/ IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
Hash1ee30fcafbc7a878cf827e6a502c76e6 c3802da26bc48dce7ac0c6b9eed3ecd6b7f22b03 6022d7353f79e1274817e757df7afef3e156b3d6b701cac4ba34eaba70d9e8c5
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to a *.top domain |
GET / HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; path=/
_amkc=19d43af4-48b4-4314-882a-5d2d7e85ce44; expires=Wed, 21-Dec-2022 19:32:03 GMT; Max-Age=1500; path=/; domain=www.ekl-co-jp.ekilnet.lkqlua.top
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Wed, 21-Dec-2022 19:32:03 GMT; Max-Age=1500; path=/; domain=www.ekl-co-jp.ekilnet.lkqlua.top
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/member.css | 167.160.188.147 | 200 OK | 4.4 kB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/member.css IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
Hashc12a775644739da724537cc391df7eee bfd8bbc5a18282dec48d7bc7c55347592879c03b f0e74c1f6ad51b8f0cf145abf88cb00862d842f350c03d7c2855c2105cac6f99
| Analyzer | Verdict | Alert |
|---|
| openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/css/member.css HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: text/css
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
vary: Accept-Encoding
etag: W/"6342c2f0-4fe7"
expires: Thu, 22 Dec 2022 07:07:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/vendor/vendor.23238u92u82.js | 167.160.188.147 | 200 OK | 1.2 MB |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/vendor/vendor.23238u92u82.js IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
Size1.2 MB (1243732 bytes) Hash01b37bbc7e00495587ecfe9dc233205c c41171bb700e7486eaa62dbef763333094528648 16fcc632f85d251ba03b1a9f0950f7829baed32114e362eab722285509b0ce3b
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /vendor/vendor.23238u92u82.js HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=19d43af4-48b4-4314-882a-5d2d7e85ce44; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:03 GMT
content-type: application/javascript
last-modified: Fri, 17 Jun 2022 20:31:10 GMT
vary: Accept-Encoding
etag: W/"62ace48e-1375"
expires: Thu, 22 Dec 2022 07:07:03 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/style.css | 167.160.188.147 | 200 OK | 0 B |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/style.css IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
| Analyzer | Verdict | Alert |
|---|
| openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/css/style.css HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: text/css
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
vary: Accept-Encoding
etag: W/"6342c2f0-9a27"
expires: Thu, 22 Dec 2022 07:07:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/top_searchparts.css | 167.160.188.147 | 200 OK | 0 B |
URL HTTP/2www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/css/top_searchparts.css IP167.160.188.147:0 ASN#8100 ASN-QUADRANET-GLOBAL
| Analyzer | Verdict | Alert |
|---|
| openphish | East Japan Railway Company | | | quad9 | Sinkholed | |
GET /eki_ap/css/top_searchparts.css HTTP/1.1
Host: www.ekl-co-jp.ekilnet.lkqlua.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ekl-co-jp.ekilnet.lkqlua.top/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=s6so4hdr2p5ut8g32asoleidua; _amkc=ca17757c-2d06-461b-99e6-06f0d2912b9a; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 19:07:04 GMT
content-type: text/css
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
vary: Accept-Encoding
etag: W/"6342c2f0-1db4d"
expires: Thu, 22 Dec 2022 07:07:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
0.0.0.0