r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3471
Expires: Fri, 27 Jan 2023 21:11:20 GMT
Date: Fri, 27 Jan 2023 20:13:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3474
Expires: Fri, 27 Jan 2023 21:11:23 GMT
Date: Fri, 27 Jan 2023 20:13:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 19:35:23 GMT
content-type: application/json
age: 2286
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11066
Expires: Fri, 27 Jan 2023 23:17:55 GMT
Date: Fri, 27 Jan 2023 20:13:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TIXSg4IujvLUZIs4V0nWMRnXEVB6IlhxuoFhpzSP03KJFPzMPTQcuuY0m9KBOh2B10qFnoS/5X021WYFjbaO6A==
x-amz-request-id: NJC9HM52T2CW1FYS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 19:49:32 GMT
age: 1437
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/
193.42.33.50200 OK 1.2 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/
IP 193.42.33.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (417), with CRLF line terminators
Hash 1d0087575d205bbf99af976acdb33d14
ba7a9d3c7d5f77a18094765bd1ae49446e75abbd
ad557e4e52abc82f310809a7f60611c59da2fb08848b63d06f913d7e6d034aca
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET PHISHING Generic Multi-Email Popupwnd Phishing Landing 2018-01-25
suricata medium ET PHISHING Generic Multi-Email Phishing Landing 2018-08-30
suricata medium ETPRO PHISHING Microsoft OneDrive Phishing Landing Oct 11 2017
GET /Dwn/RsWmLtM&rn1188/ HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:29 GMT
Content-Type: text/html
Content-Length: 1200
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
ETag: "c5a-5f31fd9e38ed7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 20:13:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
193.42.33.50200 OK 1.8 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
IP 193.42.33.50:0
File type ASCII text, with CRLF line terminators
Hash e1eece528f26a8f391d4013d53d3399b
b4769ebe45d4953fdf8c03b3de898948fd0b963d
ebcf3a1038958838bbe9f6d3a2c070098b1ad2e0d0dc3f4a89b929ab84e64a75
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/css/style.css HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:29 GMT
Content-Type: text/css
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d1c990-1adf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
95.101.10.129302 Found 0 B URL HTTP/2 img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
IP 95.101.10.129:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tcc/tcc_l.combined.1.0.6.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
cache-control: max-age=1800
expires: Fri, 27 Jan 2023 20:43:29 GMT
date: Fri, 27 Jan 2023 20:13:29 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/traffic-assets/js/tccl.min.js
95.101.10.129302 Found 0 B URL HTTP/2 img1.wsimg.com/traffic-assets/js/tccl.min.js
IP 95.101.10.129:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /traffic-assets/js/tccl.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://office832459375934985734895.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
location: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
cache-control: max-age=1800
expires: Fri, 27 Jan 2023 20:43:29 GMT
date: Fri, 27 Jan 2023 20:13:29 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/aol.png
193.42.33.50200 OK 1.5 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/aol.png
IP 193.42.33.50:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash ea9772b90a517e9c61577bc209ae005e
91203600807ae62a19b3e49b0261b3dba6956acd
8ebb311bb3652ddc5c78025cef665618b0c979098c9f5eacb9c452a5fdceb3c9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/aol.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 1538
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-602"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/outlook.png
193.42.33.50200 OK 2.1 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/outlook.png
IP 193.42.33.50:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 6ec5d7c8db94bfba6272598af602593a
510a87b3f49ecf51c4b72729773fefdb955518bd
f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/outlook.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 2103
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-837"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/yahooMail.png
193.42.33.50200 OK 2.0 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/yahooMail.png
IP 193.42.33.50:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash e100951d0b2da8bb50259b7e1ceadbe6
19944305aeafcb328be27d6d91fb2d6f4d0c7b15
3a108a7df48da361bd9f5217fd4fd21a70888d5b324b4e13ab80370804cd3b7d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/yahooMail.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 1997
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-7cd"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/office.png
193.42.33.50200 OK 1.4 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/office.png
IP 193.42.33.50:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 4dfcf323758894583269dcd89e8e562b
a8cd8e480e0fc03d4b15acf0b21349638c616e6a
685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/office.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 1421
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-58d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/oneDrive.png
193.42.33.50200 OK 15 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/oneDrive.png
IP 193.42.33.50:0
File type PNG image data, 170 x 114, 8-bit/color RGBA, non-interlaced\012- data
Hash 0687a1330a816d19c12cb00682bfe01d
8399530a32492741f3c56f8b53a8ace886180246
c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/oneDrive.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 14981
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-3a85"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/mail.png
193.42.33.50200 OK 1.7 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/mail.png
IP 193.42.33.50:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 34c474722fc5046a7f984c307050365d
1995edb41e576ceb3c8a1eced59c1d8813f5108e
a2b00dc7e4ff8539cf742bf8d295c111dea08acf46328483d68640135887e70a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/mail.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/png
Content-Length: 1694
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-69e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
95.101.10.129200 OK 11 kB URL HTTP/2 img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
IP 95.101.10.129:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (45837)
Hash 645b88efa25fd10bf181698e5f994175
c702cebb7ad47f0839332bedae7c7913d7113b25
9555a4ec4987438fc2d5ffd29e91bec3e1829e3f765e700f8d8941412e5eb520
GET /wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js HTTP/1.1
Host: img6.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://office832459375934985734895.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
content-encoding: br
etag: "5c3e20ad749ddb088afc84b1b7ff009e"
last-modified: Tue, 29 Nov 2022 21:26:18 GMT
vary: Accept-Encoding
x-amz-id-2: vfCRznBpTwUzsQTqqHQrPBdgJL8bd9m6fgJ2RsnQ7TUvg/tSMOpz6ogFdrj21JebiN+bK0g/VZM=
x-amz-request-id: FH0P3E93SF8PA32Y
x-amz-server-side-encryption: AES256
x-amz-version-id: sTnOEJpl_Bn63xNm3Yru0HbQaHbS55CR
content-length: 11347
cache-control: max-age=31536000
date: Fri, 27 Jan 2023 20:13:30 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/favicon.ico
193.42.33.50200 OK 7.9 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/img/favicon.ico
IP 193.42.33.50:0
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Hash 1195bfe885af7c60b352a3b3bef7e42c
f7f843b3aee1833bc1251b9e0f39edb04f104af2
361de6ae8b67c64b4c14d0852f24f499162ce8bfc7d441dee68bf04a12263a6b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/img/favicon.ico HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:30 GMT
Content-Type: image/x-icon
Content-Length: 7886
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-1ece"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 19:49:03 GMT
age: 1467
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/2018-03-13_1329.png
193.42.33.50200 OK 438 kB URL HTTP/1.1 office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/2018-03-13_1329.png
IP 193.42.33.50:0
File type PNG image data, 1536 x 864, 8-bit/color RGBA, non-interlaced\012- data
Size 438 kB (438448 bytes)
Hash da255da76f2968bb6933ed01c009a1f9
c8031596383b00be5b0167bc1f5339bd7b8eb37e
8e3bfa992b6400c0514260dca56d26d6c2e64eb25d5c9530ad4faa8fac8ace4a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish Microsoft OneDrive
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Dwn/RsWmLtM&rn1188/css/2018-03-13_1329.png HTTP/1.1
Host: office832459375934985734895.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/Dwn/RsWmLtM&rn1188/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 20:13:29 GMT
Content-Type: image/png
Content-Length: 438448
Last-Modified: Thu, 26 Jan 2023 00:30:08 GMT
Connection: keep-alive
ETag: "63d1c990-6b0b0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16957
Expires: Sat, 28 Jan 2023 00:56:07 GMT
Date: Fri, 27 Jan 2023 20:13:30 GMT
Connection: keep-alive
events.api.secureserver.net/t/1/tl/event?cts=1674850410191&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=1816120343&vg=1422ee40-0edf-5aba-a606-964710c52267&vtg=1422ee40-0edf-5aba-a606-964710c52267&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=f5ba674e-b9a5-5dba-b3b1-ad14060c211e&ht=perf&tce=1674850408969&tcs=1674850408943&tdc=1674850410183&tdclee=1674850409816&tdcles=1674850409814&tdi=1674850409814&tdl=1674850409506&tdle=1674850408943&tdls=1674850408941&tfs=1674850408941&tns=1674850408952&trqs=1674850409055&tre=1674850409467&trps=1674850409467&tles=1674850410183&tlee=0&nt=navigate&nav_type=hard
104.84.152.186200 OK 43 B URL HTTP/2 events.api.secureserver.net/t/1/tl/event?cts=1674850410191&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=1816120343&vg=1422ee40-0edf-5aba-a606-964710c52267&vtg=1422ee40-0edf-5aba-a606-964710c52267&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=f5ba674e-b9a5-5dba-b3b1-ad14060c211e&ht=perf&tce=1674850408969&tcs=1674850408943&tdc=1674850410183&tdclee=1674850409816&tdcles=1674850409814&tdi=1674850409814&tdl=1674850409506&tdle=1674850408943&tdls=1674850408941&tfs=1674850408941&tns=1674850408952&trqs=1674850409055&tre=1674850409467&trps=1674850409467&tles=1674850410183&tlee=0&nt=navigate&nav_type=hard
IP 104.84.152.186:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /t/1/tl/event?cts=1674850410191&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=1816120343&vg=1422ee40-0edf-5aba-a606-964710c52267&vtg=1422ee40-0edf-5aba-a606-964710c52267&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=f5ba674e-b9a5-5dba-b3b1-ad14060c211e&ht=perf&tce=1674850408969&tcs=1674850408943&tdc=1674850410183&tdclee=1674850409816&tdcles=1674850409814&tdi=1674850409814&tdl=1674850409506&tdle=1674850408943&tdls=1674850408941&tfs=1674850408941&tns=1674850408952&trqs=1674850409055&tre=1674850409467&trps=1674850409467&tles=1674850410183&tlee=0&nt=navigate&nav_type=hard HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://office832459375934985734895.duckdns.org
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: http://office832459375934985734895.duckdns.org
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Fri, 27 Jan 2023 20:13:30 GMT
X-Firefox-Spdy: h2
events.api.secureserver.net/t/1/tl/event?cts=1674850409814&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=2038760902&vg=8696525d-fab4-574c-97cf-6433ab86b3da&vtg=8696525d-fab4-574c-97cf-6433ab86b3da&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=dff3e05d-76a4-5afd-b85b-f7a1ee926e15&ht=pageview
104.84.152.186200 OK 43 B URL HTTP/2 events.api.secureserver.net/t/1/tl/event?cts=1674850409814&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=2038760902&vg=8696525d-fab4-574c-97cf-6433ab86b3da&vtg=8696525d-fab4-574c-97cf-6433ab86b3da&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=dff3e05d-76a4-5afd-b85b-f7a1ee926e15&ht=pageview
IP 104.84.152.186:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /t/1/tl/event?cts=1674850409814&dh=office832459375934985734895.duckdns.org&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=745220880&cv=2.0.1&z=2038760902&vg=8696525d-fab4-574c-97cf-6433ab86b3da&vtg=8696525d-fab4-574c-97cf-6433ab86b3da&dp=%2FDwn%2FRsWmLtM%26rn1188&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&hit_id=dff3e05d-76a4-5afd-b85b-f7a1ee926e15&ht=pageview HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://office832459375934985734895.duckdns.org
Connection: keep-alive
Referer: http://office832459375934985734895.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: http://office832459375934985734895.duckdns.org
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Fri, 27 Jan 2023 20:13:30 GMT
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.234.248.92101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.234.248.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /y/Qrk31rITqdKkEpEdlAw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DuitxQDs3b/MeQXOxgAmMPkepxA=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12638
Expires: Fri, 27 Jan 2023 23:44:10 GMT
Date: Fri, 27 Jan 2023 20:13:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 80624
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MApUIVJ9KiOB34nLWUtMNmA8deQVoQ9xyNqSUYXlzdLlGoP9n78C5A==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 06:24:42 GMT
age: 49730
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 5851
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 80624
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 16:31:38 GMT
age: 13314
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KGNpzuI2ny_1LH90atWa09SPYG7Ovolbv_KvL8nC6fUk59z-6TFsMQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:05:08 GMT
age: 61704
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2