r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash (MD5) 9ce33c47154f4826255fe9bbe54d72be
Hash (SHA-1) e10a363c007a6d15ed43eb35b4e5c246d85c5eed
Hash (SHA-256) cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16588
Expires: Sun, 12 Mar 2023 12:15:22 GMT
Date: Sun, 12 Mar 2023 07:38:54 GMT
Connection: keep-alive
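Firefox checks the revocation status of the Let's Encrypt-issued certificate it just saw by POSTing an 85-byte application/ocsp-request body to the R3 responder (r3.o.lencr.org) and gets a 503-byte signed response back that Akamai caches (Cache-Control max-age=16588; Expires minus Date in the headers above is exactly 16588 s). 85 bytes is what a minimal RFC 6960 request comes to when the CertID uses SHA-1 hashes, the serial is 18 bytes with its top bit clear (the shape Let's Encrypt issues), and there is no nonce extension; the absence of a nonce is what makes the request byte-identical across clients and therefore cacheable at the CDN. The example below is added here and is not NSS or Let's Encrypt code: it builds that request with a small DER encoder, walks it back to recover the serial, and makes the length arithmetic explicit. The issuer name and key inputs are constructed stand-ins, so the two hashes are not the real R3 values; only the structure and the length are being demonstrated.

```python
"""Build a CertID-only OCSPRequest (RFC 6960) with a small DER encoder and read it back.

Added example for this report; not Firefox/NSS code and not code from the responder.
FAKE_ISSUER_NAME / FAKE_ISSUER_KEY are constructed stand-ins, not the real R3 values.
"""
import hashlib

SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26, the CertID hash NSS sends


def der_len(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_integer(value):
    """INTEGER: minimal big-endian two's complement, so a leading 0x00 is added when
    the top bit is set. Let's Encrypt serials start 0x03/0x04, so no pad byte."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(0x02, body)


def cert_id(issuer_name_der, issuer_public_key_bits, serial):
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }.
    issuerKeyHash is over the issuer's subjectPublicKey BIT STRING contents only."""
    hash_alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))      # 11 bytes
    name_hash = tlv(0x04, hashlib.sha1(issuer_name_der).digest())   # 22 bytes
    key_hash = tlv(0x04, hashlib.sha1(issuer_public_key_bits).digest())  # 22 bytes
    return tlv(0x30, hash_alg + name_hash + key_hash + der_integer(serial))


def ocsp_request(issuer_name_der, issuer_public_key_bits, serial):
    """OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest }
    TBSRequest  ::= SEQUENCE { requestList SEQUENCE OF Request }   -- no version, no nonce
    Request     ::= SEQUENCE { reqCert CertID }
    Each wrapper adds 2 bytes while the content stays under 128 bytes, so an 18-byte
    serial gives 77 (CertID) + 2 + 2 + 2 + 2 = 85 bytes."""
    request = tlv(0x30, cert_id(issuer_name_der, issuer_public_key_bits, serial))
    return tlv(0x30, tlv(0x30, tlv(0x30, request)))


def read_tlv(buf, pos=0):
    """Return (tag, content, position after the element) for the TLV at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_serial(req):
    """Walk the five nested SEQUENCEs of a minimal request down to CertID and return
    serialNumber. Assumes the shape built above (one Request, no version/extensions)."""
    node = req
    for _ in range(5):
        tag, node, _ = read_tlv(node)
        if tag != 0x30:
            raise ValueError("unexpected tag %#x" % tag)
    pos = 0
    for _ in range(3):  # skip hashAlgorithm, issuerNameHash, issuerKeyHash
        _, _, pos = read_tlv(node, pos)
    tag, body, _ = read_tlv(node, pos)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return int.from_bytes(body, "big")


# Constructed stand-ins (NOT the real R3 issuer Name DER or public key bits).
FAKE_ISSUER_NAME = b"constructed stand-in for the issuer Name DER"
FAKE_ISSUER_KEY = b"constructed stand-in for the issuer subjectPublicKey bits"
FAKE_SERIAL = int.from_bytes(b"\x03" + bytes(range(17)), "big")  # 18 bytes, LE-style


def request_length_for_serial_bytes(n):
    """Length of a nonce-less SHA-1 request for an n-byte serial whose top bit is clear."""
    serial = int.from_bytes(b"\x03" + b"\x11" * (n - 1), "big")
    return len(ocsp_request(FAKE_ISSUER_NAME, FAKE_ISSUER_KEY, serial))


if __name__ == "__main__":
    req = ocsp_request(FAKE_ISSUER_NAME, FAKE_ISSUER_KEY, FAKE_SERIAL)
    print(len(req), "bytes; serial", hex(extract_serial(req)))
```

A 19-byte serial comes to 86 bytes and a request carrying a nonce extension is noticeably longer, so the Content-Length alone is a quick sanity check when triaging OCSP traffic in a capture: 85 bytes to an R3 responder is an ordinary single-certificate status check, not something else tunnelled as application/ocsp-request.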
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash (MD5) 99824e6e553dd5649b1d199589a6dab2
Hash (SHA-1) 00b2c24f6ef22620045c3b2ef7a63ea9ac8cc0a2
Hash (SHA-256) 3a4695284040436fd256023da7d39bab8b16f8a2d4f7105c0f995f610dcab2d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A4695284040436FD256023DA7D39BAB8B16F8A2D4F7105C0F995F610DCAB2D2"
Last-Modified: Thu, 09 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3780
Expires: Sun, 12 Mar 2023 08:41:54 GMT
Date: Sun, 12 Mar 2023 07:38:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash (MD5) 33723bd3cb2d70f8f86442863df61ec1
Hash (SHA-1) ee9f60025e885c09ff570c4e8f641bcc25ff83f0
Hash (SHA-256) dc794aeea289e16c4f217e2e3379cc434b6071badbf9ab6d64884707eafee538
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC794AEEA289E16C4F217E2E3379CC434B6071BADBF9AB6D64884707EAFEE538"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10826
Expires: Sun, 12 Mar 2023 10:39:20 GMT
Date: Sun, 12 Mar 2023 07:38:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash (MD5) bc86ef2a0cee04915bc360f5821adc8f
Hash (SHA-1) 3658f9028cce204d38f7f48fcfaa2a8e4f54383a
Hash (SHA-256) aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 12 Mar 2023 07:13:57 GMT
content-type: application/json
age: 1497
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash (MD5) b5ba6334e73496995e3e3a9ecd0eb323
Hash (SHA-1) ad80d3b7718c28364e8c2004fb38a13a1747e462
Hash (SHA-256) aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZL6L3IC+S/tj1PV7+9BFSt++rJoxbPP2Zcsvz+kYe3HSXVmU+xk+xtqGp9SUH2EWRiHe3spKSX0qqVOpWAa37g==
x-amz-request-id: PQMQNS6JXYJBP4ZG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 12 Mar 2023 06:45:52 GMT
age: 3182
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
visaprepaidsecure.ikwb.com/
34.152.4.194 302 Found 228 B URL HTTP/1.1 visaprepaidsecure.ikwb.com/
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text, exported SGML document, ASCII text
Hash (MD5) 5bb01f61fc32649a7229f91202a8216e
Hash (SHA-1) 77ff0b8d68be5555339e55b55b1235025fee063c
Hash (SHA-256) 307f23c1d9add4b490af4d79c0ec454ffb35998c65e93bcb60b9ae947d84074a
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET / HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Location: http://visaprepaidsecure.ikwb.com/nextcloud/
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 07:38:54 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
visaprepaidsecure.ikwb.com/nextcloud/
34.152.4.194 400 Bad Request 3.8 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text, exported SGML document, Unicode text, UTF-8 text
Hash (MD5) 953ffa36c1d64e2d45dcec35ddf69387
Hash (SHA-1) f207eee902361c2b41633e12857ce50452d0e942
Hash (SHA-256) 22105127d147ed76d18bedd55893ad1de4d8f76b2ae52d1802b088d7f72e8bf3
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/ HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 400 Bad Request
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Powered-By: PHP/7.2.34
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; path=/nextcloud; HttpOnly
Set-Cookie: oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; path=/nextcloud; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-Yi9tRnJPeUhUeHJNTEpJZWJvcVpPQU1IREpXQldUSTliMFhSVGR4L2Q2MD06WE5ic3haWEFBR0s2Rk9GTlhiblFZbXR1V3ZqTGFWMXNSQjNwS2U4SVFZWT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Content-Length: 3782
Connection: close
Content-Type: text/html; charset=UTF-8
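The two visaprepaidsecure.ikwb.com records above are the substance of this capture: a 302 from / on a dynamic-DNS hostname to an http:// URL under /nextcloud/, then a 400 from Nextcloud that sets session cookies. Because the redirect target is cleartext http://, every Nextcloud request that follows, and the cookies it issues, went over plain HTTP; the Strict-Transport-Security header in those responses is ignored by the browser in that case (RFC 6797 section 8.1), and the session cookies carry HttpOnly but no Secure attribute. A 400 on a plain GET followed by the guest-template assets (guest.css, the Nunito fonts, logo.svg) is consistent with Nextcloud's untrusted-domain page, i.e. this hostname is not in the instance's trusted_domains. The example below is added here and is not urlquery's or Nextcloud's code: it parses records in the shape shown (request line, request headers, response status line, response headers) and applies those checks plus a Host-suffix match of the kind the ET DYNAMIC_DNS signatures use. The two embedded records are constructed from the captured headers above (trimmed), DYNDNS_ZONES is an illustrative subset rather than the Emerging Threats list, and the URL scheme is passed in by the caller because the capture does not record it.

```python
"""Parse captured HTTP records of the shape shown in this report and audit them.
Added example, not urlquery's or Nextcloud's code. The two records at the bottom
are constructed from the headers captured above (trimmed); DYNDNS_ZONES is an
illustrative subset, not the Emerging Threats list."""
from dataclasses import dataclass, field

DYNDNS_ZONES = ("ikwb.com", "ddns.net", "no-ip.org", "hopto.org", "duckdns.org")


@dataclass
class Exchange:
    method: str
    path: str
    status: int = 0
    scheme: str = "http"                        # the capture omits it; caller passes what is known
    req: dict = field(default_factory=dict)     # request headers, first value wins
    resp: list = field(default_factory=list)    # (name, value) pairs, order preserved


def parse_exchange(text, scheme="http"):
    """Request line, request headers, then 'HTTP/x.y <code> ...' and response headers."""
    lines = [l for l in text.splitlines() if l.strip()]
    method, path, _ = lines[0].split(" ", 2)
    ex = Exchange(method, path, scheme=scheme)
    in_response = False
    for line in lines[1:]:
        if line.startswith("HTTP/"):
            ex.status, in_response = int(line.split()[1]), True
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if in_response:
            ex.resp.append((name, value))
        else:
            ex.req.setdefault(name, value)
    return ex


def is_dynamic_dns(host):
    """Suffix match on the Host header, the shape the ET DYNAMIC_DNS signatures use."""
    host = host.lower().rstrip(".")
    return any(host == z or host.endswith("." + z) for z in DYNDNS_ZONES)


def cookie_flags(set_cookie):
    """Cookie name plus the attributes that matter for a session cookie."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    samesite = next((a.split("=", 1)[1] for a in attrs if a.startswith("samesite=")), None)
    return {"name": name, "secure": "secure" in attrs,
            "httponly": "httponly" in attrs, "samesite": samesite}


def audit(ex):
    """Findings in header order; each entry is 'check:detail'."""
    findings = []
    host = ex.req.get("host", "")
    if is_dynamic_dns(host):
        findings.append("dynamic-dns-host:" + host)
    for name, value in ex.resp:
        if name == "server" and any(c.isdigit() for c in value):
            findings.append("server-version-disclosed:" + value)
        elif name == "strict-transport-security" and ex.scheme == "http":
            # RFC 6797 s8.1: an STS header received over insecure transport is ignored.
            findings.append("hsts-over-cleartext-ignored")
        elif name == "location" and value.lower().startswith("http://"):
            findings.append("redirect-to-cleartext:" + value)
        elif name == "set-cookie":
            c = cookie_flags(value)
            if not c["secure"]:
                findings.append("cookie-without-secure:" + c["name"])
            if not c["httponly"]:
                findings.append("cookie-without-httponly:" + c["name"])
    return findings


# Constructed from the '/' and '/nextcloud/' records above (headers trimmed).
ROOT_RECORD = """\
GET / HTTP/1.1
Host: visaprepaidsecure.ikwb.com
HTTP/1.1 302 Found
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Location: http://visaprepaidsecure.ikwb.com/nextcloud/
"""

NEXTCLOUD_RECORD = """\
GET /nextcloud/ HTTP/1.1
Host: visaprepaidsecure.ikwb.com
HTTP/1.1 400 Bad Request
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Set-Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; path=/nextcloud; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly; SameSite=lax
"""

if __name__ == "__main__":
    for record in (ROOT_RECORD, NEXTCLOUD_RECORD):
        ex = parse_exchange(record)   # scheme "http": the 302 above points at http://
        print(ex.method, ex.path, ex.status, audit(ex))
```

Passing scheme="https" silences the HSTS finding but not the cookie ones: a session cookie without Secure is still sent if the user is ever steered to the http:// origin, which is exactly what the 302 above does.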
visaprepaidsecure.ikwb.com/nextcloud/core/css/guest.css?v=9df1aed6-31
34.152.4.194 200 OK 21 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/css/guest.css?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (455)
Hash (MD5) 3cf7f9d18be3658f559d994046f04ab8
Hash (SHA-1) caa6ddc3d7fe5901a5cd5a2658668d560c20c023
Hash (SHA-256) 7594dd69cba8337593c785148c7bcd8c92d6ac65b8da08b144e7c646dc099e88
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/css/guest.css?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "52c9-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 21193
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
visaprepaidsecure.ikwb.com/nextcloud/core/search/js/search.js?v=9df1aed6-31
34.152.4.194 200 OK 5.6 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/search/js/search.js?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash (MD5) e078734ffd2a3e969c08569478b35344
Hash (SHA-1) 7b07dfa070c41d1e8a6a9c402157b8885e3b1e28
Hash (SHA-256) 4f2c8ef3424fcbc1406b241010a92927fdd3086ec3287d08f5fb64a60b3b3a63
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/search/js/search.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:50 GMT
ETag: "15b8-5a73d0dcdfb80"
Accept-Ranges: bytes
Content-Length: 5560
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
visaprepaidsecure.ikwb.com/nextcloud/core/search/js/searchprovider.js?v=9df1aed6-31
34.152.4.194 200 OK 12 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/search/js/searchprovider.js?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash (MD5) 320ae4cdf588d258c35e7a0ae2e0017a
Hash (SHA-1) 32dbb938a532c7fcb6298bfda0da6f3bca23192a
Hash (SHA-256) b288ab0be95ae2956e40d567f9002594f0e05046ad5fe6f9480304424a592c48
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/search/js/searchprovider.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:50 GMT
ETag: "309c-5a73d0dcdfb80"
Accept-Ranges: bytes
Content-Length: 12444
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
visaprepaidsecure.ikwb.com/nextcloud/index.php/core/js/oc.js?v=9df1aed6
34.152.4.194 400 Bad Request 4.3 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/index.php/core/js/oc.js?v=9df1aed6
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text, exported SGML document, Unicode text, UTF-8 text
Hash (MD5) 5901900b4dd3b016a9b769efffeaece0
Hash (SHA-1) 7e87f311debff4b4ebbd5a604b7bde617905b1fa
Hash (SHA-256) 8108df5529e8eb67f0362419c0ddbe98227d7543b5c267003513f121b3bff4cc
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/index.php/core/js/oc.js?v=9df1aed6 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 400 Bad Request
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Powered-By: PHP/7.2.34
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-WmdiZEFJMjB2OFFaUTAzUERVblZYUlVVMmU3YlAvL2ZnL0hPVVYwc3NlUT06VlNtMGFmVHo4THh2ZXo2Y1BucWNCMzE5ajRPUkQ1Q09xS24yTlc1Ymg4OD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Content-Length: 4267
Connection: close
Content-Type: text/html; charset=UTF-8
visaprepaidsecure.ikwb.com/nextcloud/index.php/js/core/merged-template-prepend.js?v=9df1aed6-31
34.152.4.194 400 Bad Request 4.3 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/index.php/js/core/merged-template-prepend.js?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text, exported SGML document, Unicode text, UTF-8 text
Hash (MD5) 0197ca3ba14f11d9bd0ca85c78a424cc
Hash (SHA-1) 20b4b074717ee2f8982bd6bc01c2a572914c6e50
Hash (SHA-256) a7aa3a547494cf227ecd5bc5bd16bae5804bd0d5d0280308ceb3dcdcff375b61
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/index.php/js/core/merged-template-prepend.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 400 Bad Request
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Powered-By: PHP/7.2.34
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-alBwYXBKRDd3NThLTmhCT0I4bUFxMnlJbmdCNUFxdGw0bC9qWVRlNkp1Yz06djlVenplbThqT2Q4RG1NZE5Qcko4UVRoeUcwek1zUTB5UWZiQlFUTkVNdz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Content-Length: 4267
Connection: close
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
Hash (SHA-1) 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash (SHA-256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Pragma, Last-Modified, ETag, Retry-After, Cache-Control, Content-Type, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 12 Mar 2023 07:12:32 GMT
age: 1583
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
visaprepaidsecure.ikwb.com/nextcloud/core/js/files/fileinfo.js?v=9df1aed6-31
34.152.4.194 200 OK 2.1 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/js/files/fileinfo.js?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash (MD5) d2dc6ddc0e4935122420c637cdd594b0
Hash (SHA-1) 8577c5ad28f2727f54b80459886dc656ac5e51c4
Hash (SHA-256) 92c2fe4f9fef817b19874899a44a550ddc7229172437b9a42d206f92cb900d34
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain)
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/js/files/fileinfo.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "85e-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 2142
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
visaprepaidsecure.ikwb.com/nextcloud/core/img/logo/logo.svg?v=9c341b200b44de2580de49d2f239753166ed94eb
34.152.4.194 200 OK 321 B URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/img/logo/logo.svg?v=9c341b200b44de2580de49d2f239753166ed94eb
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (320)
Hash (MD5) 28cf7233703a8887d8fea1300203e8ea
Hash (SHA-1) 3064d00c415b24b93ee3c902df46623690765b2f
Hash (SHA-256) 7593c5986dfeea65e605aa7fc5c286550de5f4307962e017c1683a808c8a320f
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain)
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/img/logo/logo.svg?v=9c341b200b44de2580de49d2f239753166ed94eb HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "141-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 321
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash (MD5) db27ecc2f481e8871b2e99584e751660
Hash (SHA-1) e671ecb839d53e296f4ec303208ddb713c72aecc
Hash (SHA-256) 5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18721
Expires: Sun, 12 Mar 2023 12:50:56 GMT
Date: Sun, 12 Mar 2023 07:38:55 GMT
Connection: keep-alive
visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Regular.woff2
34.152.4.194 200 OK 20 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Regular.woff2
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format (Version 2), TrueType, length 19600, version 1.0
Hash (MD5) fe67e10445323683dab69663f6a4718a
Hash (SHA-1) 7db3cfb39e5d777a8134e945316b2875367b816b
Hash (SHA-256) 0420bbe7ccf39972cf0d8840155a57ba498afad2bcca98f0834ef2d80d646bed
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/fonts/Nunito-Regular.woff2 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "4c90-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 19600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=604800
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
visaprepaidsecure.ikwb.com/nextcloud/core/js/files/client.js?v=9df1aed6-31
34.152.4.194 200 OK 24 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/js/files/client.js?v=9df1aed6-31
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash (MD5) 9e98b4a23f0ae956b849d6bd74d7a686
Hash (SHA-1) 4885434a587484ee94269dd96dd946c13573fce7
Hash (SHA-256) 767c6a6cf324a4d57c7ab199cc86958a1311b0baf41fcf43f6210b54457225bd
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/js/files/client.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "5c6f-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 23663
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Bold.woff2
34.152.4.194 200 OK 20 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Bold.woff2
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format (Version 2), TrueType, length 19748, version 1.0
Hash (MD5) dd42f32ac2e37e4d8705820d0b8dd202
Hash (SHA-1) c2efd56629a2bfebf8acacaacc4fc74f4caed884
Hash (SHA-256) 65affc2090809c430437d54d5d413fb1e803e5cfb42e80a14318839abf604be5
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain); fortinet: Phishing
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/fonts/Nunito-Bold.woff2 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "4d24-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 19748
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=604800
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
visaprepaidsecure.ikwb.com/nextcloud/core/img/logo/logo.svg?v=1
34.152.4.194 200 OK 321 B URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/img/logo/logo.svg?v=1
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (320)
Hash (MD5) 28cf7233703a8887d8fea1300203e8ea
Hash (SHA-1) 3064d00c415b24b93ee3c902df46623690765b2f
Hash (SHA-256) 7593c5986dfeea65e605aa7fc5c286550de5f4307962e017c1683a808c8a320f
Analyzer verdicts: urlquery: suspicious (Suspicious - DynDNS domain)
NIDS alert: suricata, severity medium, ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/img/logo/logo.svg?v=1 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "141-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 321
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
push.services.mozilla.com/
IP 52.40.68.141:0   Status 101 Switching Protocols   Size 0 B   Type URL   HTTP/1.1
MD5    d41d8cd98f00b204e9800998ecf8427e
SHA1   da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(the three digests above are those of an empty input: the 101 response carries no HTTP body, the connection is upgraded to WebSocket)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tmoq2P1XERiM5rjPzFJIsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: z1BspBD4gN0pHFt0yYxsSrbEP1o=
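The 101 exchange above can be verified offline. RFC 6455 (sections 1.3 and 4.1) requires Sec-WebSocket-Accept to equal base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")), so a capture whose accept value does not derive from the recorded key was not produced by the endpoint that saw that request (an intercepting proxy rewrote it, or the log was fabricated). As an added example, not part of the urlquery report, the Python below recomputes the accept for the key recorded here and applies the other client-side checks a browser performs on the reply; the `check_upgrade` name and the trimmed header dicts are mine.

```python
import base64
import binascii
import hashlib

# Added example, not part of the report. RFC 6455: the server proves it parsed the
# client's upgrade by returning base64(SHA-1(Sec-WebSocket-Key + this fixed GUID)).
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Headers recorded for push.services.mozilla.com above, trimmed to what the check needs.
CAPTURED_REQUEST = {
    "Host": "push.services.mozilla.com",
    "Upgrade": "websocket",
    "Connection": "keep-alive, Upgrade",
    "Sec-WebSocket-Version": "13",
    "Sec-WebSocket-Key": "tmoq2P1XERiM5rjPzFJIsA==",
    "Sec-WebSocket-Protocol": "push-notification",
}
CAPTURED_RESPONSE = {
    "Connection": "Upgrade",
    "Upgrade": "websocket",
    "Sec-WebSocket-Accept": "z1BspBD4gN0pHFt0yYxsSrbEP1o=",
}


def expected_accept(key):
    """Sec-WebSocket-Accept a compliant server must return for this Sec-WebSocket-Key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def key_is_well_formed(key):
    """The key must be the base64 encoding of exactly 16 bytes (RFC 6455 section 4.1)."""
    try:
        return len(base64.b64decode(key, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v.strip() for k, v in headers.items() if k.lower() == name.lower()), None)


def _has_token(value, token):
    """True if the comma-separated header value contains the token (case-insensitive)."""
    return value is not None and token.lower() in [t.strip().lower() for t in value.split(",")]


def check_upgrade(request, response):
    """Client-side validation of a 101 reply; returns the failed checks (empty = consistent)."""
    problems = []
    key = _header(request, "Sec-WebSocket-Key")
    if not key or not key_is_well_formed(key):
        problems.append("request Sec-WebSocket-Key missing or not base64 of 16 bytes")
    if _header(request, "Sec-WebSocket-Version") != "13":
        problems.append("request Sec-WebSocket-Version is not 13")
    for side, hdrs in (("request", request), ("response", response)):
        if not (_has_token(_header(hdrs, "Upgrade"), "websocket")
                and _has_token(_header(hdrs, "Connection"), "upgrade")):
            problems.append(f"{side} lacks Upgrade: websocket / Connection: Upgrade")
    if key and _header(response, "Sec-WebSocket-Accept") != expected_accept(key):
        problems.append("Sec-WebSocket-Accept does not derive from the key (forged or rewritten reply)")
    # A server may decline the offered subprotocol, but it must not pick one that was never offered.
    chosen = _header(response, "Sec-WebSocket-Protocol")
    offered = [p.strip() for p in (_header(request, "Sec-WebSocket-Protocol") or "").split(",")]
    if chosen is not None and chosen not in offered:
        problems.append("server selected a subprotocol the client did not offer")
    return problems
```

The accept value is not a secret and gives no authentication; its only job is to prove the reply came from something that read this specific upgrade request rather than a cached or unrelated HTTP response, which is exactly what makes it a useful consistency check on a captured handshake.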
visaprepaidsecure.ikwb.com/nextcloud/core/img/background.png?v=2
IP 34.152.4.194:0   Status 200 OK   Size 103 kB (102736 bytes)   Type URL   HTTP/1.1
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 1920 x 980, 4-bit colormap, non-interlaced
MD5    140b3322ba1e1cabf6812c6cf6f2689e
SHA1   069e6727b1c22aad7aac2bbcccdebe947e32f698
SHA256 dc9fe51615e5878564447d28990d9e241a747b295b10e8877272421cc2093a0e
Analyzer   Verdict      Alert
urlquery   suspicious   Suspicious - DynDNS domain
fortinet   Phishing
NIDS       Severity     Alert
suricata   medium       ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/img/background.png?v=2 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "19150-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 102736
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
visaprepaidsecure.ikwb.com/nextcloud/core/js/dist/main.js?v=9df1aed6-31
IP 34.152.4.194:0   Status 200 OK   Size 1.2 MB (1221941 bytes)   Type URL   HTTP/1.1
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (54226)
MD5    b2e5a9d1ee4625ed76ed20f5b3353e98
SHA1   0dc67fdc51f25cfbc82b692cb21910c4b67261e6
SHA256 57f9cfab4826b018c83e9e60c60aa98ae8ef4ee8ff4e13e74a856e57481dfc83
Analyzer   Verdict      Alert
urlquery   suspicious   Suspicious - DynDNS domain
fortinet   Phishing
NIDS       Severity     Alert
suricata   medium       ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/js/dist/main.js?v=9df1aed6-31 HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "12a535-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 1221941
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Cache-Control: max-age=15778463
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
visaprepaidsecure.ikwb.com/nextcloud/core/img/favicon-touch.png
IP 34.152.4.194:0   Status 200 OK   Size 2.9 kB   Type URL   HTTP/1.1
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5    711850217856c041d3c53f47013d0396
SHA1   ac4bed144350975da430e98e1b9561230119318f
SHA256 e22c2ee2a138d108b42170e02128e27bb3c464c94e4fa8fd541d2c26fb46a2dc
Analyzer   Verdict      Alert
urlquery   suspicious   Suspicious - DynDNS domain
NIDS       Severity     Alert
suricata   medium       ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/img/favicon-touch.png HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "b66-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 2918
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
visaprepaidsecure.ikwb.com/nextcloud/core/img/favicon.ico
IP 34.152.4.194:0   Status 200 OK   Size 3.3 kB   Type URL   HTTP/1.1
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel
MD5    68f33e69aa1a4a9cbfbacd6a553ef422
SHA1   8dbd058612591a5dee5e077983dc89a49382888e
SHA256 bea7d85401905c569359239339770d962854ccda24f134a76f492ab58ecde9f5
Analyzer   Verdict      Alert
urlquery   suspicious   Suspicious - DynDNS domain
NIDS       Severity     Alert
suricata   medium       ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/img/favicon.ico HTTP/1.1
Host: visaprepaidsecure.ikwb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ocgo9hsg8vg5=0aa0ddeedc75dcd45f4f313f82691fd2; oc_sessionPassphrase=IFNjoNWfUdBEPaNR3dm01Z6FXTHWGQ%2Fr8sfNvY3YjMprVhXpSpbkodpqRiWDrwq9mYZvDkeaRysB6lS1yEqfxWQ%2Bibu0HCV22WazSQQ%2FiN%2B%2B4%2FpdXICua75T4%2FJHzzHD; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Date: Sun, 12 Mar 2023 07:38:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Thu, 04 Jun 2020 07:25:49 GMT
ETag: "cbe-5a73d0dbeb940"
Accept-Ranges: bytes
Content-Length: 3262
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin, no-referrer
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
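As an added example, not part of the urlquery report: a small Python triage pass over records in the layout above. It splits the dump into transactions, groups them by host, and collects for each host the analyzer verdicts, the Suricata alerts, the server banner and the names of the cookies the sandbox browser sent (the ikwb.com records above carry Nextcloud's oc_sessionPassphrase session cookie to the flagged host). Where a server uses a content hash as its ETag, as the Let's Encrypt OCSP responder (SHA-256) and the Pocket image CDN (SHA-1) in this capture do, it also checks the ETag against the digest the sandbox recorded for the body. The sample dump is constructed from values on this page with headers trimmed and cookie values shortened; the function and field names are my own.

```python
import re

# Added example, not part of the report. Record layout as in the raw dump: a bare host/path
# line, a status line in which the server IP and HTTP status code run together
# ("34.152.4.194200 OK"), IP/ASN/hash lines, analyzer and NIDS verdicts, then raw headers.
HOST_LINE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/\S*)?$")
STATUS_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?P<code>\d{3}) (?P<reason>.+?) "
                         r"(?P<size>\d+(?:\.\d+)? [kMG]?B)\b")
REQUEST_LINE = re.compile(r"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/")
HEX_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
VERDICT = re.compile(r"^(?P<analyzer>[a-z][a-z0-9_-]*) (?P<verdict>\S+)(?: (?P<alert>.+))?$")
HASH_ETAG = re.compile(r'^etag: "([0-9a-f]{40}|[0-9a-f]{64})"$', re.I)
HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample in that layout: two records built from values in the report,
# headers trimmed and cookie values shortened.
SAMPLE = """\
visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Bold.woff2
34.152.4.194200 OK 20 kB URL HTTP/1.1 visaprepaidsecure.ikwb.com/nextcloud/core/fonts/Nunito-Bold.woff2
IP 34.152.4.194:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash dd42f32ac2e37e4d8705820d0b8dd202
c2efd56629a2bfebf8acacaacc4fc74f4caed884
65affc2090809c430437d54d5d413fb1e803e5cfb42e80a14318839abf604be5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
GET /nextcloud/core/fonts/Nunito-Bold.woff2 HTTP/1.1
Cookie: ocgo9hsg8vg5=0aa0ddee; oc_sessionPassphrase=IFNjoNWf; nc_sameSiteCookielax=true
HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
ETag: "4d24-5a73d0dbeb940"
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
HTTP/1.1 200 OK
Server: nginx
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
"""


def split_records(text):
    """Split the dump into transactions; each one starts at a bare host/path line."""
    records = []
    for line in text.splitlines():
        if HOST_LINE.match(line):
            records.append([line])
        elif records:
            records[-1].append(line)
    return records


def parse_record(lines):
    """Extract the fields a triage needs from one transaction."""
    rec = {"host": lines[0].split("/", 1)[0], "ip": None, "asn": None, "status": None, "hashes": {},
           "verdicts": set(), "alerts": set(), "cookies": set(), "server": None, "etag_hash_ok": None}
    in_metadata = True
    for line in lines[1:]:
        if REQUEST_LINE.match(line):
            in_metadata = False
        elif not in_metadata:  # raw request and response headers
            if line.lower().startswith("cookie: "):
                rec["cookies"].update(kv.split("=", 1)[0].strip() for kv in line[8:].split(";") if kv.strip())
            elif line.lower().startswith("server: "):
                rec["server"] = line[8:]
            elif (m := HASH_ETAG.match(line)):
                # A content-hash ETag must equal the digest the sandbox recorded for the body.
                tag = m.group(1).lower()
                rec["etag_hash_ok"] = rec["hashes"].get(HASH_NAMES[len(tag)]) == tag
        elif (m := STATUS_LINE.match(line)):
            rec["ip"], rec["status"] = m["ip"], (int(m["code"]), m["reason"], m["size"])
        elif line.startswith("IP "):
            rec["ip"] = rec["ip"] or line[3:].rsplit(":", 1)[0]
        elif line.startswith("ASN "):
            rec["asn"] = line[4:]
        elif HEX_HASH.match(h := (line[5:] if line.startswith("Hash ") else line)):
            rec["hashes"][HASH_NAMES[len(h)]] = h  # md5, sha1 and sha256 are told apart by length
        else:
            for prefix in ("Analyzer Verdict Alert ", "NIDS Severity Alert "):
                line = line[len(prefix):] if line.startswith(prefix) else line
            if (v := VERDICT.match(line)):
                rec["verdicts"].add(f"{v['analyzer']}:{v['verdict']}")
                if v["alert"]:
                    rec["alerts"].add(f"{v['analyzer']}: {v['alert']}")
    return rec


def triage(text):
    """Group records by host: where it lives, who flagged it, which cookies the browser
    sent it, and whether content-hash ETags matched the recorded digests."""
    hosts = {}
    for rec in map(parse_record, split_records(text)):
        h = hosts.setdefault(rec["host"], {"ip": rec["ip"], "asn": rec["asn"], "server": rec["server"],
                                           "requests": 0, "verdicts": set(), "alerts": set(),
                                           "cookies": set(), "etag_checks": []})
        h["requests"] += 1
        for key in ("verdicts", "alerts", "cookies"):
            h[key] |= rec[key]
        if rec["etag_hash_ok"] is not None:
            h["etag_checks"].append(rec["etag_hash_ok"])
    return hosts


def flagged_hosts(hosts):
    """Hosts carrying any analyzer verdict or NIDS alert; these get the analyst's attention first."""
    return {host: info for host, info in hosts.items() if info["verdicts"] or info["alerts"]}
```

Run `flagged_hosts(triage(text))` on a whole dump to get one entry per suspicious host with its IP, ASN, server banner, the merged verdicts and alerts, and the cookie names that went to it; the cookie list is what tells you whether the sandbox merely fetched static assets or actually held a session on the phishing host.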
r3.o.lencr.org/
IP 23.33.119.27:0   Status 200 OK   Size 503 B
ASN #20940 Akamai International B.V.
MD5    f1cb274086a7fc07be41dfeb65ec1dbf
SHA1   c6339993814eda4b9629ef179222b060d1f5143b
SHA256 b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19695
Expires: Sun, 12 Mar 2023 13:07:11 GMT
Date: Sun, 12 Mar 2023 07:38:56 GMT
Connection: keep-alive
r3.o.lencr.org/
IP 23.33.119.27:0   Status 200 OK   Size 503 B
ASN #20940 Akamai International B.V.
MD5    f1cb274086a7fc07be41dfeb65ec1dbf
SHA1   c6339993814eda4b9629ef179222b060d1f5143b
SHA256 b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19695
Expires: Sun, 12 Mar 2023 13:07:11 GMT
Date: Sun, 12 Mar 2023 07:38:56 GMT
Connection: keep-alive
r3.o.lencr.org/
IP 23.33.119.27:0   Status 200 OK   Size 503 B
ASN #20940 Akamai International B.V.
MD5    f1cb274086a7fc07be41dfeb65ec1dbf
SHA1   c6339993814eda4b9629ef179222b060d1f5143b
SHA256 b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19695
Expires: Sun, 12 Mar 2023 13:07:11 GMT
Date: Sun, 12 Mar 2023 07:38:56 GMT
Connection: keep-alive
r3.o.lencr.org/
IP 23.33.119.27:0   Status 200 OK   Size 503 B
ASN #20940 Akamai International B.V.
MD5    f1cb274086a7fc07be41dfeb65ec1dbf
SHA1   c6339993814eda4b9629ef179222b060d1f5143b
SHA256 b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19695
Expires: Sun, 12 Mar 2023 13:07:11 GMT
Date: Sun, 12 Mar 2023 07:38:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0   Status 200 OK   Size 8.5 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    be71491cee9b47dc3ffb23b4fdff25b3
SHA1   79c7d22c8df6d305f46c5779ccb9f25169d4d111
SHA256 e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:55 GMT
age: 35761
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8980abd4-3861-4dc6-92e7-2c13517ad40e.jpeg
IP 34.120.237.76:0   Status 200 OK   Size 7.1 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    60c95e46b874e5404fe3d3cc03e60512
SHA1   2a5c926ca9264e71c52e7a714389ffba9caa7a71
SHA256 65bfa154efbb8a169f32c8b8cffd31faaacc6daf7b7e4fb2ac655b68e1a8c4e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8980abd4-3861-4dc6-92e7-2c13517ad40e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7117
x-amzn-requestid: 42df44a6-6963-4db2-9ab5-534c9883a559
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosv8ErJIAMFtfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cc-20f83d8f7715fff50d8977a3;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: UkM0v5LR5xQj0uH3b7UE6XuOq_6xo2ah3kNnFZnQEjFJF4oUXjdS8A==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 50faaaa196a6b0875217ef7827f97d7c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:45 GMT
etag: "2a5c926ca9264e71c52e7a714389ffba9caa7a71"
content-type: image/jpeg
age: 35771
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
IP 34.120.237.76:0   Status 200 OK   Size 8.8 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    2fd5c28821c8bf2d62d0c4332f06bd71
SHA1   6e2c08457854437b2b851340277d31439e5ab470
SHA256 86725a37e80a10c5b0b52a10e498225d97565752ec25303cb159a34386a49523
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: b556bc0e-9cf5-4062-9df4-0ccee00cbab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoswFH5soAMF2SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cd-0ba8e60549c78f9d3b720a20;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFRUOo6vNYBlNXfP-XzizobifYejOdXIuu_bj2owYGiDHDsv1HrMhA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:03:58 GMT
age: 34498
etag: "6e2c08457854437b2b851340277d31439e5ab470"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13023a0e-6076-492b-85f7-561f44c10dbc.jpeg
IP 34.120.237.76:0   Status 200 OK   Size 8.2 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    eec0a8ace7d436f1b1274597ce85d1e5
SHA1   b77e1a9598e9623fa633adc18cf1109420f93f85
SHA256 aae51362b60519c7193c4c8b71215147d382e337ac257ce1aed362b05f840db9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13023a0e-6076-492b-85f7-561f44c10dbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8229
x-amzn-requestid: d45ea140-a43e-4c2d-8aea-0f15df3f2385
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoszIHh_IAMF-qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4e0-714cd100321abf0f2b27939d;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LqoM8WPrW5p9pilcKz3QZs1GHp1a77538Bn9S4ASwqgSRiIViywiuA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:53:23 GMT
age: 35133
etag: "b77e1a9598e9623fa633adc18cf1109420f93f85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
IP 34.120.237.76:0   Status 200 OK   Size 4.5 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    26033b42139d27c847cf9881a17e0332
SHA1   b196fbef36c2a5242abfc5d7115f1efd39499453
SHA256 028dd1c86eaab6b991ad3dcb7fda21cdcfe8f9b22155c6bcb9363fbe379096ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4512
x-amzn-requestid: e9ba0dc3-3e1a-4ff5-8d0d-57386ced2fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotIeGZ-IAMFmBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf569-1a45fa73148fb01f3822ee29;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:40:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 5dasHBaMZCENF6r8miupz4Jzeqy_tuotsvkcSRgs6AtsrWexauN6SQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:45 GMT
age: 35771
etag: "b196fbef36c2a5242abfc5d7115f1efd39499453"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7769d88f-5b32-4bd3-9075-31a91dd2c80f.jpeg
IP 34.120.237.76:0   Status 200 OK   Size 4.4 kB   Type URL   HTTP/2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5    2aa4702768ef600fa142d8c3c743b98f
SHA1   76b13f7b79c4aa480f200fccfb560ab53ecd5bb9
SHA256 4b1b434fe5cf4433f64c8db09c23e5e277376340b02d5d5525240e945c7fc566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7769d88f-5b32-4bd3-9075-31a91dd2c80f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4401
x-amzn-requestid: 6f371237-3ff4-4203-a494-3681af1f7e6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BjaoCFtRoAMFp0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ad7cc-7d39790a70491a7552a5967d;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 07:10:04 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: IRo_eRF3c1EP9pYFFsoYVRqsGoo9sf5p2N7lJO4ycxheW9cU-stB6g==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 f958a3846d80a3925f664b320dfad9c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 07:11:54 GMT
age: 1622
etag: "76b13f7b79c4aa480f200fccfb560ab53ecd5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2