Overview

URL:              hwtavuqzqg.duckdns.org/
IP:               199.167.138.75 (Canada)
ASN:              #15162 NETMINDERS-SERVER-HOSTING
User Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:          (none)
Access:           public
Report completed: 2023-03-23 06:39:57 UTC
IDS alerts:       57
Blocklist alerts: 0
urlquery alerts:  54 (Suspicious - DynDNS domain)
Tags:             dyndns

Domain Summary (7)

FQDN (transactions)                         Rank  First Seen            Last Seen             Sent bytes  Received bytes  IP
hwtavuqzqg.duckdns.org (53)                    0  -                     -                          18947         1691301  199.167.138.75
firefox.settings.services.mozilla.com (2)    867  2020-06-04T22:08:41Z  2023-03-26T05:09:18Z         782            2373  35.241.9.150
content-signature-2.cdn.mozilla.net (1)     1152  2020-11-03T13:26:46Z  2023-03-26T05:11:12Z         413            5882  34.160.144.191
contile.services.mozilla.com (1)            1114  2021-05-27T20:32:35Z  2023-03-26T05:11:59Z         333             391  34.117.237.239
push.services.mozilla.com (1)               2140  2014-10-24T10:27:06Z  2023-03-26T05:10:29Z         606             127  52.39.57.61
img-getpocket.cdn.mozilla.net (6)           1631  2018-06-22T01:36:00Z  2023-03-26T05:09:08Z        3246           53891  34.120.237.76
r3.o.lencr.org (9)                           344  2020-12-02T09:52:13Z  2023-03-26T05:09:13Z        3042            7974  23.36.77.32

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
57 alerts total; identical rows are grouped by timestamp with a count.

Timestamp                Severity  Source IP  Destination IP  Alert                                                        Count
2023-03-23 06:39:53 UTC  medium    Client IP  Internal IP     ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain             2
2023-03-23 06:39:53 UTC  low       Client IP  Internal IP     ET INFO DYNAMIC_DNS Query to *.duckdns. Domain                   2
2023-03-23 06:39:53 UTC  medium    Client IP  199.167.138.75  ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain      7
2023-03-23 06:39:54 UTC  medium    Client IP  199.167.138.75  ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain     34
2023-03-23 06:39:55 UTC  medium    Client IP  199.167.138.75  ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain     12

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

(UQ / IDS / BL = urlquery alerts / IDS alerts / blocklist alerts)

Last 5 reports on IP: 199.167.138.75
Date                     UQ / IDS / BL  URL                      IP
2023-05-31 21:48:29 UTC  3 - 13 - 2     otvcypvekb.duckdns.org/  199.167.138.75
2023-05-30 18:56:10 UTC  3 - 15 - 2     oigtmaqufr.duckdns.org/  199.167.138.75
2023-05-30 00:54:02 UTC  3 - 13 - 2     chnkqkpqqs.duckdns.org/  199.167.138.75
2023-05-24 10:04:14 UTC  3 - 13 - 0     myjxnrnhro.duckdns.org/  199.167.138.75
2023-05-21 11:55:53 UTC  3 - 13 - 0     rmvkguzhgp.duckdns.org/  199.167.138.75

Last 5 reports on ASN: NETMINDERS-SERVER-HOSTING
Date                     UQ / IDS / BL  URL                      IP
2023-05-31 22:44:08 UTC  3 - 13 - 2     ecyzyusufi.duckdns.org/  199.167.138.23
2023-05-31 21:48:29 UTC  3 - 13 - 2     otvcypvekb.duckdns.org/  199.167.138.75
2023-05-31 14:17:14 UTC  0 - 0 - 3      198.144.155.45/          198.144.155.45
2023-05-31 12:42:33 UTC  3 - 15 - 0     gfdmpneufz.duckdns.org/  199.167.138.27
2023-05-30 18:56:10 UTC  3 - 15 - 2     oigtmaqufr.duckdns.org/  199.167.138.75

Last report on domain: hwtavuqzqg.duckdns.org
Date                     UQ / IDS / BL  URL                      IP
2023-03-23 06:39:57 UTC  54 - 57 - 0    hwtavuqzqg.duckdns.org/  199.167.138.75

Last 5 reports with similar screenshot
Date                     UQ / IDS / BL  URL                      IP
2023-03-27 03:37:20 UTC  54 - 57 - 0    kapthswxjg.duckdns.org/  199.167.138.75
2023-03-25 23:46:55 UTC  55 - 58 - 57   iytnjhztpw.duckdns.org/  199.167.138.75
2023-03-25 05:43:35 UTC  55 - 58 - 3    qoraekmolj.duckdns.org/  199.167.138.75
2023-03-25 04:56:36 UTC  54 - 57 - 0    fpqxepggav.duckdns.org/  199.167.138.75
2023-03-24 19:46:00 UTC  55 - 58 - 3    xdoakgvnvc.duckdns.org/  199.167.138.75
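The IDS section above fires one ET DYNAMIC_DNS alert per request to a ten-letter duckdns.org label, and the recent-report tables show many such labels landing on 199.167.138.75 and neighbouring NETMINDERS addresses. The scan report stops there; the triage step an analyst would add is shown below as an added example. It is not urlquery's or Emerging Threats' code. It scores each hostname with a simple random-label heuristic and then pivots on the hosting IP, because generated labels change daily while the server does not. The zone lists, thresholds and sample records are assumptions constructed from hostnames and IPs that appear on this page.

```python
"""Added example (not part of the urlquery report): triage sandbox hostnames
along the lines the ET DYNAMIC_DNS alerts suggest, then pivot on the hosting IP.
RECORDS is constructed from hostnames and IPs shown in this report; zone lists
and thresholds are assumptions."""
import re
from collections import defaultdict

# Dynamic-DNS zones treated as suspicious (assumption; extend to match the
# providers your own ET DYNAMIC_DNS rule set covers).
DYNDNS_ZONES = ("duckdns.org",)
# Zones the sandbox browser contacts on its own (assumption, taken from the
# non-target hosts in this report's domain summary: OCSP and Firefox services).
BROWSER_NOISE_ZONES = ("mozilla.com", "mozilla.net", "lencr.org")

VOWELS = set("aeiou")
PURE_ALPHA = re.compile(r"^[a-z]+$")

# Constructed from this report: (timestamp UTC, hostname, resolved IP).
RECORDS = [
    ("2023-03-23 06:39:46", "r3.o.lencr.org", "23.36.77.32"),
    ("2023-03-23 06:39:46", "firefox.settings.services.mozilla.com", "35.241.9.150"),
    ("2023-03-23 06:39:46", "push.services.mozilla.com", "52.39.57.61"),
    ("2023-03-23 06:39:53", "hwtavuqzqg.duckdns.org", "199.167.138.75"),
    ("2023-03-24 19:46:00", "xdoakgvnvc.duckdns.org", "199.167.138.75"),
    ("2023-03-25 04:56:36", "fpqxepggav.duckdns.org", "199.167.138.75"),
    ("2023-05-30 18:56:10", "oigtmaqufr.duckdns.org", "199.167.138.75"),
    ("2023-05-31 22:44:08", "ecyzyusufi.duckdns.org", "199.167.138.23"),
]


def in_zone(host: str, zones) -> bool:
    """True if host is one of the zones or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == z or host.endswith("." + z) for z in zones)


def longest_consonant_run(label: str) -> int:
    run = best = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(label: str, min_len: int = 8) -> bool:
    """Cheap heuristic for machine-generated labels: pure lowercase letters of
    at least min_len, and either vowel-poor or containing a run of four or
    more consonants. Short, hyphenated or numeric labels are never flagged, so
    on its own this misses some generated names (oigtmaqufr in RECORDS)."""
    if len(label) < min_len or not PURE_ALPHA.match(label):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return vowel_ratio <= 0.3 or longest_consonant_run(label) >= 4


def shared_dyndns_ips(records, min_hosts: int = 3) -> dict:
    """IPs serving at least min_hosts distinct dynamic-DNS hostnames. Generated
    labels come and go; the hosting IP is the stable pivot."""
    hosts_by_ip = defaultdict(set)
    for _ts, host, ip in records:
        if in_zone(host, DYNDNS_ZONES):
            hosts_by_ip[ip].add(host.lower())
    return {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) >= min_hosts}


def triage(records, min_hosts: int = 3) -> dict:
    """Map each hostname to a severity: ignore / low / medium / high.
    Browser background traffic and non-dyndns hosts are ignored; a dyndns host
    gains one level for a random-looking label and one for a shared IP."""
    shared = shared_dyndns_ips(records, min_hosts)
    verdicts = {}
    for _ts, host, ip in records:
        host = host.lower()
        if in_zone(host, BROWSER_NOISE_ZONES) or not in_zone(host, DYNDNS_ZONES):
            verdicts[host] = "ignore"
            continue
        signals = int(looks_random(host.split(".")[0])) + int(ip in shared)
        verdicts[host] = ("low", "medium", "high")[signals]
    return verdicts


if __name__ == "__main__":
    for host, sev in sorted(triage(RECORDS).items(), key=lambda kv: kv[1]):
        print(f"{sev:7} {host}")
    for ip, hosts in shared_dyndns_ips(RECORDS).items():
        print(f"pivot {ip}: {len(hosts)} dyndns hosts -> {', '.join(hosts)}")
```

Run it directly to print the verdicts. The value of the IP pivot shows in the sample data: oigtmaqufr.duckdns.org passes the label heuristic (four vowels, no long consonant run) yet still rates medium because it shares 199.167.138.75 with three other generated duckdns labels, while ecyzyusufi.duckdns.org on 199.167.138.23 rates medium on its label alone. Pivoting on the /24 or the ASN, as the report's own "Last 5 reports on ASN" table does, is the obvious next extension.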

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (73)


Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3407
Expires: Thu, 23 Mar 2023 07:36:33 GMT
Date: Thu, 23 Mar 2023 06:39:46 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3362
Expires: Thu, 23 Mar 2023 07:35:48 GMT
Date: Thu, 23 Mar 2023 06:39:46 GMT
Connection: keep-alive

                                        
Request:
GET / HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Mon, 06 Mar 2023 09:22:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405b0db-2dbd"
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text, exported SGML document, Unicode text, UTF-8 text
Size:   2677
Md5:    dfb42051ef48382e452306aa902fb81b
Sha1:   e82c224d66ee820c00f055d6a3e12b6162cbd45c
Sha256: bae3408a02743ed4dc1767c0b03b474996ce922175c02ae53373faa577df5cf3

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
Response (from 35.241.9.150):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 06:27:30 GMT
age: 736
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bc86ef2a0cee04915bc360f5821adc8f
Sha1:   3658f9028cce204d38f7f48fcfaa2a8e4f54383a
Sha256: aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6207
Expires: Thu, 23 Mar 2023 08:23:13 GMT
Date: Thu, 23 Mar 2023 06:39:46 GMT
Connection: keep-alive

                                        
Request:
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
Response (from 34.160.144.191):
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: jlwvhoYo349onN2/BxIEMJhcTqG+cdZRExLqzPtjEXgiVdtGSsmz48tULxx1HJM6IOaWmWlYK+Q=
x-amz-request-id: HJ5TEDK5392HM45R
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 05:59:49 GMT
age: 2397
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    e7bace7c1e04d44012e37ddffe36e5d5
Sha1:   3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
Sha256: 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
                                        
Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
Response (from 34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 23 Mar 2023 06:39:46 GMT
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
Request:
GET /index/patch.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 103
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Connection: keep-alive
ETag: "634fdab0-67"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   103
Md5:    9fb36388079d1c1bcacf56a90667c2b7
Sha1:   34b6de188790e1966c7b7773a3267c9c476506fb
Sha256: aa85e2bfb22009a9794ce022df9bfcd89a185078bab1d8d5bbe65c9cbe5ce2cb

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /index/common1.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 734
Last-Modified: Mon, 06 Mar 2023 07:43:54 GMT
Connection: keep-alive
ETag: "640599ba-2de"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   734
Md5:    dee10f0aebfbcff35bfd219678bb42d2
Sha1:   007221fb5e14cf49a68a825829ad0cf7dcf9d3c1
Sha256: fe095b5438bf3dec091300675825326599067866d735410fcf9d05ca8d084a34

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /1.js HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Sat, 11 Mar 2023 10:02:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640c51ae-1322"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898), with no line terminators
Size:   2385
Md5:    02ffef9274ad266daf86135590207648
Sha1:   97511eb0f9946b7f24b4eb0056ea424a22d039f4
Sha256: 518dffabe0fbd648363e37926e18b8070c26008c7fc9b6eb241a7abe899bdabc

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /index/floating_bnr.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-1066"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   1441
Md5:    193d7f2e6dcd5d6b9e4d5b63e011f654
Sha1:   7c0ba3256ec449b6c8b09b91a26ef0bd0fd7da4b
Sha256: 14ab9a46560e9dd39cd5ee2261463b5b08b96ced4a690b833fe9f8ad57b8c398

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /index/autop2022.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 11:17:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdcce-10597"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   11961
Md5:    f1f175ba60778d6c5edc6810a383f093
Sha1:   f3081243b57871612536be750fcc0d65cd88a3b3
Sha256: 4f891d9203c8ad76ee6172b4a479776de4ef4e983994401954950d4bb0cb1996

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /2.js HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Fri, 03 Mar 2023 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6401c5a0-1322"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898), with no line terminators
Size:   2384
Md5:    329721f20b80af5fb1280099bddaac27
Sha1:   688f423b54134281a440627a7908e69eb1689251
Sha256: f7a4acf7f43557ae3c016efc567b7a6ba4e8570d7bf38084b13dc5816805b2a9

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /statica/web_font.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-60b"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   659
Md5:    44afde52eb764fb8dc3bdc93fa5bc5de
Sha1:   2ba406581c1ec0adc6ea7d38a30e034b33ba50d3
Sha256: 7063c94b5d36c1dd766ee9b4988a6aaaa4646172d15e6fa79d1ab2927a9b7885

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /statica/common.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-532"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1310), with no line terminators
Size:   757
Md5:    e02bbaac73c3252d7ce5a435be84b161
Sha1:   47837f273a056846417d6a3bbe6afbdcda6eebd8
Sha256: 3ab34e599d64d5d3fc91d4e767bbb417b15d443f5fa27b57d1b8ab6f2246c4d4

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /statica/common_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-2839"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (10295), with no line terminators
Size:   2652
Md5:    d0927936c38bfcd930ca3da5e3c52ee5
Sha1:   4a8b8ad3ad04e9f64f869a835a98140af50db2ec
Sha256: 2aeb6dec6853b6defb556ff554d1af44ecda6e43600cfcad62867a7a2833dbeb

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /statica/header_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Mon, 06 Mar 2023 03:42:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405611a-4523"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF, LF line terminators
Size:   4075
Md5:    a36d01f2f8d693c5c0a054f807c180cf
Sha1:   7cfe2395344f2fdf1750a470369921187bdd8655
Sha256: 310614b9193a3a6423407d04b0ac36d46e9c3907973d687b9452370c8b807450

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
                                        
Request:
GET /statica/footer_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
Response (from 199.167.138.75):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-18b9"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (6309), with no line terminators
Size:   1753
Md5:    843e7c6c055493afb4ad28904f9fd86c
Sha1:   a2270b1eb98446c961f0dec5a2b26b0ff622a1f6
Sha256: e9a9e847a9d04c9b2869916c5aa1a2e830463ca28350a5a417a029fff3b201fc

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

35.241.9.150
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 06:14:33 GMT
age: 1513
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

GET /statica/parts.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 460
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-1cc"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (460), with no line terminators
Size:   460
Md5:    e00eaa3e7d77d4e20ddf0474a2fb6f29
Sha1:   fc6083084099010bd8ff85ac030a0e8dfe546df3
Sha256: 888c0ace157d7afb5bc31a14f45892880dd9df7a9ff7fc664e36edf413b95523

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-de4ea"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  assembler source, Unicode text, UTF-8 text, with very long lines (562), with CRLF, LF line terminators
Size:   114640
Md5:    54598c23fa78de05f6527eed7fa80ed1
Sha1:   7085981e4eb347229902592d30938ca8afd2173c
Sha256: e98998c04d029654b75d8b37747be6e462e92b4f91d9cfee6682f84c0677bc9f

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/parts_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-e056"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (57426), with no line terminators
Size:   11983
Md5:    ff1cb1d0787b0bec22ed7b8b043100b4
Sha1:   11e0eb3d35e94aad982f5bd35869504e115eb679
Sha256: 992c3c568b3258263703649984f31a487b5a25d0698e6c606b851e435a9058d2

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/header_branding_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 846
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-34e"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   846
Md5:    a361c29b4c965358cde21dc4e9305dcc
Sha1:   819bbc08ba6f276426d44065f6d2c64f4984fe89
Sha256: c712b74e16642d38fe20458cb5b166408345b2ef195c611d0b3862deee6fc1aa

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/header_banner_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-75b"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1883), with no line terminators
Size:   655
Md5:    032a9ee46864dbe108b7bba2b6871471
Sha1:   d1ddc8b64b623190429eda145c6650492917403e
Sha256: 82081cc7ef7b6c07a1053633ae29a647ad3b92b10360dd7c10379f6a782ad55e

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/dynavi_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-6f5"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   694
Md5:    c7e1ee0df3ac5772ea986fa4f8ecdebb
Sha1:   7d20151c9d567ada03df72c00e2f86fc89748eb1
Sha256: e1bce97a9478d60f3ab8029dee7bfbba9731a6c72daddead66fc923faac48c60

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 146
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/chat_tool_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-27ad"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   2782
Md5:    37aaa7f5615d074bc553efd229e73e86
Sha1:   b7bdf072c7b46e3db234e5dec0792538d3e7a533
Sha256: bc7a8fe2846adb6fea1d26b69443cd1abbd622bbd073e7b445fa46342dc3f7a2

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/parts_smt-v2-btn.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Content-Length: 592
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-250"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   592
Md5:    e63ea98f8d1d1bfb1c7f4fbf7ec29ddc
Sha1:   4756a4950b86b3ac17cca82ce5df9107354fe09b
Sha256: a36dfbd6e559511bf92a90434c1084b55e187b2dcbf18b2373add5e907f11e9f

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/osp_parts_ex_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-1166"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4454), with no line terminators
Size:   1059
Md5:    2c1d9b4379f5d13dec96a1b31c2c8d8d
Sha1:   4ffc40dde93db4259381bb655236a5a48bd94f4d
Sha256: e27b999510bd8ad3f0f6dc0525d2a83b888ccdf2e3fc85329f73f7a38920d015

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/add_modules_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-11fd"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   1323
Md5:    1c72c54c8c25879029967d3b1bdcd731
Sha1:   d99e365e83b8a9d9b9a24afe567b6650e45dc9e7
Sha256: 043840fba7b9eba375430a5d4c25eca76e78bfac591a7069a255716d75852140

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5743
Expires: Thu, 23 Mar 2023 08:15:30 GMT
Date: Thu, 23 Mar 2023 06:39:47 GMT
Connection: keep-alive

GET /statica/new_footer_user_assessment_log.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-236d"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (9069), with no line terminators
Size:   1847
Md5:    3266b365ae2e86e1c4b91925158a6ea0
Sha1:   e1785a5abdc9c771fd06045dd45ec595973ac981
Sha256: 48532e50ca8e1536424163ed9bb676d118a54cb455763165ee1a330f63ad3998

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/font.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 224
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-e0"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   224
Md5:    9e271e79969e236d11e5d6c330a27e4c
Sha1:   f3228388293e37e68c505d8675a7424e48f83c92
Sha256: 49ecd30e8a9dcb12ef68f5924d107e7b36a0b5cff4ff85c5bace3e53a2c18390

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/slick.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-135c"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (4948), with no line terminators
Size:   1403
Md5:    88b54e9bef8c3f14fa0081cfd81c2ee9
Sha1:   f37ba369a45a01e0671140504acddb4ef6890785
Sha256: b0aa74dcf071abf7dc9ea273e9ba06a6731225cbf30d5b171c4ef28cabac3476

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/index_smt.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:01:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef6-1025"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   1151
Md5:    19709a1db45f457eaae000605a66c81b
Sha1:   49107bd2722d4b8a63cf89f911bcec873295d5cd
Sha256: 3d167140b32d1b80d641a51114a3f70c1ca070efa26336b8327d371ab2fdf2c0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/style.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Mon, 06 Mar 2023 04:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64056790-f213"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   9061
Md5:    c11a448cf6d6782004873cbd74bcb3c6
Sha1:   97b3b4dbc45777cfee7df6c52ded36f739909c6b
Sha256: ee93089b021892132b602ee8fbe29753d23111de8e7f7c14d0b5747e714f1a2d

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/l3-base.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-a093"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (41105), with CRLF line terminators
Size:   6432
Md5:    97abe39b078280fdeac27588893a4184
Sha1:   15d5b284fd065a14aa3dd6c1ef3e1240ff84bbb3
Sha256: d7d0922c62255f3cb0142c19e6724e3bdae800c9e6d3d5050d5720a610d20ce7

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/header_dpoint_area.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faefe-2472"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   2041
Md5:    d2d019a46a5af2d55d12762ca9c52311
Sha1:   dcf6961dc5c9f240577d9087ece402c36fb456ae
Sha256: 2c48ae8127ffedd014586e15746ad32037e043a822e3e71646b41521f7cc8d4e

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/l3.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-9bab0"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   57845
Md5:    30ba2bd45c9c1f382f477bb670a2938c
Sha1:   8433af88f080303a8fe4a52ddb25cfe515aa23e1
Sha256: 3c57efc25b49e7511e4f922301f598bb3982e030d6d599387b9dc75954380f35

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/rf2-style.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Last-Modified: Wed, 19 Oct 2022 08:03:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6e-91d6"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (37237)
Size:   8285
Md5:    7d756a6c2884ef06889eb91355f6548a
Sha1:   2e4c1667f6243e63e5bcca8e81416d0e8bfb6506
Sha256: a7961973c41d4bb9c92e7213db5708b2a176c74097abffe6512aeda20322e25c

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/parts_smt-v2.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:46 GMT
Last-Modified: Mon, 06 Mar 2023 04:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640566f2-6bf0e"
Expires: Thu, 23 Mar 2023 18:39:46 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8432)
Size:   44804
Md5:    d08aa4e09fbd9fc0e4b37cd033bff0be
Sha1:   d88de5246609ba1a9de33e3c9c3c291bc1191a1c
Sha256: 23be5f5acea35bb353d55b7bc4055a664c40972cc4082c253cf843453481eb06

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qsvlpoh30GZEAv14Ye+DwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

52.39.57.61
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QNSwxbSfitwEWAtIRpbhypWOFz8=

GET /statica/3.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 188531
Last-Modified: Mon, 31 Oct 2022 09:25:10 GMT
Connection: keep-alive
ETag: "635f9476-2e073"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3\012- data
Size:   188531
Md5:    f1ebd37f4327ecafb79d418b055f059f
Sha1:   ae48973ef810b2e3624abb92b69807898017d593
Sha256: 3ed0fd3a419ef64bf46f9a2243664d4e6996ea656ecf00859444b7504afb5651

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/2.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

                                        
                                             199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
                                            
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 113029
Last-Modified: Mon, 06 Mar 2023 08:11:03 GMT
Connection: keep-alive
ETag: "6405a017-1b985"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 851 x 295, 8-bit/color RGBA, non-interlaced\012- data
Size:   113029
Md5:    ae1ce68b80e291b2486c2f3b609ec3fc
Sha1:   1841dae5a2ec1248d630e05c7069f06b41d35939
Sha256: 17b7563c46fbac734241c73330707a3dba9ede3341470a52a66965d159dada97

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/7.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 123911
Last-Modified: Mon, 06 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "6405aef6-1e407"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1872, components 3\012- data
Size:   123911
Md5:    b1cd37bcabd72297a68bf6cfe764de4c
Sha1:   6c035767206f56e4efd46f65cec33d0fdfa73fd2
Sha256: 740f089d5e66c85349e6385bd7e8e40e62dbc5423597edd79ecc0c06f65e7373

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/5.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 138352
Last-Modified: Mon, 06 Mar 2023 09:13:08 GMT
Connection: keep-alive
ETag: "6405aea4-21c70"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2104, components 3\012- data
Size:   138352
Md5:    5b02a1521c7f166523443e0fae46dac6
Sha1:   084af4802b306557f667a5b316a1ec0ab33d0cde
Sha256: 17a10afca574e2f527f6889db45c69a2bdf3fa6a9820e5f06d6966a723049179

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/4.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 108146
Last-Modified: Mon, 31 Oct 2022 09:25:12 GMT
Connection: keep-alive
ETag: "635f9478-1a672"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3\012- data
Size:   108146
Md5:    c7103846b240db4c449ca632246fc3de
Sha1:   c4653a081ded64797cb3c53bd3449e171571fa50
Sha256: 3c77e423b78ac676aa2de3bfe1e51813fcfaea7975a3a206e82f25b98c61c305

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/1.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 179864
Last-Modified: Mon, 06 Mar 2023 07:42:22 GMT
Connection: keep-alive
ETag: "6405995e-2be98"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image data, 358 x 738, 8-bit/color RGBA, non-interlaced\012- data
Size:   179864
Md5:    29a6f30386d344e0efcc14770d0d1d8c
Sha1:   106b1a96e74148d4ace4770a6daad86c4e834f3b
Sha256: 66456f7cba88c621661a9e99a892a98657ff9f863598307500d53dcdd82b9235

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /images_osp/common/spacer.gif HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/statica/common.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 146
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/6.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 121592
Last-Modified: Mon, 06 Mar 2023 09:11:31 GMT
Connection: keep-alive
ETag: "6405ae43-1daf8"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1863, components 3\012- data
Size:   121592
Md5:    cb0b9e48faa29bbfcdf5cc35f1696465
Sha1:   b961c9a4ef305c03131e9fe7dc70ae0245596202
Sha256: 66caac7d73c97b165ba3773c501546beb569529a6beb2b163aae12046a0cd4fa

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /images_osp/common/ico/ico_conversion_olt.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 146
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 146
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/print.css HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 50
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-32"
Expires: Thu, 23 Mar 2023 18:39:47 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   50
Md5:    8f05cb9cbc138924e9f3d185685ecf69
Sha1:   5d38247ec1bfc2d2cdbb58502f6223641c5ea1e5
Sha256: 480886529ebec4ab974b93a8a0bc79f88d561120fda947a3b9c2aeaff8d11a71

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/5.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 8029
Last-Modified: Mon, 06 Mar 2023 08:31:12 GMT
Connection: keep-alive
ETag: "6405a4d0-1f5d"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 618x119, components 3\012- data
Size:   8029
Md5:    cec083eb37249a1a1ce260600693308e
Sha1:   e739396204fb0a67470e71198484879fe74ec828
Sha256: c031d56a3182f5025196304b980c0ffe50c3a32cae57148b809cdd06c3b4e451

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/logo.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 6850
Last-Modified: Mon, 06 Mar 2023 04:19:00 GMT
Connection: keep-alive
ETag: "640569b4-1ac2"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image data, 514 x 143, 8-bit/color RGBA, non-interlaced\012- data
Size:   6850
Md5:    ef6107ae35cb87273f441b64e82b6812
Sha1:   821cdfb9557e2bfdc8b418c0262202c563c31a08
Sha256: e84d143f6e0cb21750db23f618ebd3b9514e5b7073cfb6bd94533a0aa2fb2ed8

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/3.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 44107
Last-Modified: Mon, 06 Mar 2023 08:28:57 GMT
Connection: keep-alive
ETag: "6405a449-ac4b"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 996x303, components 3\012- data
Size:   44107
Md5:    02d2e385d6c4d7e75ff925a7915282d5
Sha1:   665f598c06b062aa6fe35d4008ee228dab365dab
Sha256: a68040728bae6e61ad244955677d3b00d8f1fc63af5d869efb1ae01365d83bf2

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/logo2.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 51082
Last-Modified: Sat, 04 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "64030bf6-c78a"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced\012- data
Size:   51082
Md5:    c2f9b38d71fa659a844a1b2aa8f59ea6
Sha1:   16162794ffa73014af78b6d4bf5767e49e624ce3
Sha256: c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /index/4.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 14757
Last-Modified: Sat, 04 Mar 2023 09:07:26 GMT
Connection: keep-alive
ETag: "64030a4e-39a5"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image data, 345 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size:   14757
Md5:    57eba58913d5c25bfe947a19b626a1b1
Sha1:   c0ecca5c2b7373bf2bb63212dab1e7a09fee13ff
Sha256: 07deff8533cfa96cb4402aa4f3591ad6011301d89dfcf50cc8112ed4432314ec

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/1.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 118591
Last-Modified: Mon, 06 Mar 2023 09:11:04 GMT
Connection: keep-alive
ETag: "6405ae28-1cf3f"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2094, components 3\012- data
Size:   118591
Md5:    133901678896931f743ef2d1898a28b8
Sha1:   861d7acdcf76447abaa0f5f9435714fb0770fb70
Sha256: eb34cf472d517648b90bd22fba5156923836fb5b98a62cbb3024f206a93433cc

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /images_osp/common/ico/ico_conversion_contract_cnf.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 146
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /statica/2.jpg HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/

199.167.138.75
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 23 Mar 2023 06:39:47 GMT
Content-Length: 157972
Last-Modified: Mon, 06 Mar 2023 09:11:02 GMT
Connection: keep-alive
ETag: "6405ae26-26914"
Expires: Sat, 22 Apr 2023 06:39:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2129, components 3\012- data
Size:   157972
Md5:    c4181b57111ba6ae847eb865cf7ca451
Sha1:   9eb56efd39dc96af60a119b134ec9b46b6a1e80d
Sha256: c6cc0292bd3c15dd2b46d90cce3258f4a88224547cb5a5077b404d036b381db9

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

GET /favicon.ico HTTP/1.1
Host: hwtavuqzqg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hwtavuqzqg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679553594307%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394307%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679553594313%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679555394313%7D

199.167.138.75
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Thu, 23 Mar 2023 06:39:48 GMT
Content-Length: 146
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

urlquery:
  - Suspicious - DynDNS domain
IDS:
  - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
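Three things in the hwtavuqzqg.duckdns.org transactions above are worth checking mechanically rather than by eye. First, every request to the host fires ET INFO DYNAMIC_DNS, which is the only reason urlquery scores this report as suspicious; the rule keys on the domain, not on the content. Second, /index/5.png and /index/3.png are served with Content-Type: image/png but file(1) identifies the bodies as JPEG; browsers sniff image bodies and render them anyway, so this is sloppiness rather than an exploit, but a Content-Type that disagrees with the magic is a cheap signal that files were dropped in by hand. Third, every asset under /images_osp/ is requested with a stylesheet (statica/common.css, statica/parts_smt-v2.css) as its Referer and returns the same 146-byte nginx 404, a pattern consistent with stylesheets copied from some other site whose image tree was never copied along with them; that reading is an inference, not something the report states. The r3.o.lencr.org POSTs below are Firefox's OCSP checks against Let's Encrypt's R3 responder and the img-getpocket.cdn.mozilla.net fetches are the browser's own new-tab content; neither touches the scanned site.

The script below is an added example, not part of the urlquery report or its tooling. It parses transaction dumps in the shape used on this page (request line and headers, a blank line, then the status line, headers and the file(1) "Magic:" line) and emits the three findings above. The embedded SAMPLE is constructed from entries on this page with the header set trimmed; the DYNDNS_SUFFIXES list is a short illustrative subset, not the ET rule set.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the transactions on this page; values are
# copied from entries above, with the header set trimmed to what the checks use.
SAMPLE = """\
GET /index/5.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
Referer: http://hwtavuqzqg.duckdns.org/

HTTP/1.1 200 OK
Content-Type: image/png
Magic: JPEG image data, JFIF standard 1.01, baseline, precision 8, 618x119, components 3

GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: hwtavuqzqg.duckdns.org
Referer: http://hwtavuqzqg.duckdns.org/statica/parts_smt-v2.css

HTTP/1.1 404 Not Found
Content-Type: text/html
Magic: HTML document text

POST / HTTP/1.1
Host: r3.o.lencr.org
Content-Type: application/ocsp-request

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
"""

REQ_LINE = re.compile(r"^(GET|POST|HEAD|PUT|OPTIONS) (\S+) HTTP/\d(?:\.\d)?\s*$")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ (\d{3})")

# What file(1) should report for a body whose server-declared Content-Type is the key.
EXPECTED_MAGIC = {
    "image/png": "PNG image data",
    "image/jpeg": "JPEG image data",
    "image/gif": "GIF image data",
    "text/html": "HTML document",
}
# Illustrative subset only (assumption); the ET INFO DYNAMIC_DNS rules cover many more.
DYNDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")


@dataclass
class Transaction:
    method: str
    path: str
    req: dict = field(default_factory=dict)   # request headers, names lower-cased
    status: int = 0
    resp: dict = field(default_factory=dict)  # response headers, names lower-cased
    magic: str = ""                           # file(1) description of the body


def _headers(lines):
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def _records(text):
    """Yield one list of lines per request line."""
    rec = []
    for line in text.splitlines():
        line = line.rstrip()
        if not rec and not line:
            continue                          # skip leading blank lines
        if REQ_LINE.match(line) and rec:
            yield rec
            rec = []
        rec.append(line)
    if rec:
        yield rec


def parse_transactions(text):
    txs = []
    for rec in _records(text):
        m = REQ_LINE.match(rec[0])
        if not m:
            continue                          # stray lines before the first request
        cut = rec.index("") if "" in rec else len(rec)   # request/response boundary
        tx = Transaction(m.group(1), m.group(2), _headers(rec[1:cut]))
        for line in rec[cut + 1:]:
            s = STATUS_LINE.match(line)
            if s:
                tx.status = int(s.group(1))
            elif line.startswith("Magic:"):
                tx.magic = line[len("Magic:"):].strip()
            else:
                tx.resp.update(_headers([line]))
        txs.append(tx)
    return txs


def _is_dyndns(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)


def analyze(text):
    """Return (path, finding) pairs: dyndns-host, type-mismatch, css-ref-404."""
    findings = []
    for tx in parse_transactions(text):
        if _is_dyndns(tx.req.get("host", "")):
            findings.append((tx.path, "dyndns-host"))
        ctype = tx.resp.get("content-type", "").split(";")[0].strip().lower()
        expected = EXPECTED_MAGIC.get(ctype)
        if expected and tx.magic and not tx.magic.startswith(expected):
            findings.append((tx.path, "type-mismatch"))
        referer = tx.req.get("referer", "").split("?")[0].lower()
        if tx.status == 404 and referer.endswith(".css"):
            findings.append((tx.path, "css-ref-404"))
    return findings


if __name__ == "__main__":
    for path, what in analyze(SAMPLE):
        print(f"{what:14} {path}")
```

Run against the full transaction list on this page, the type-mismatch check fires only for /index/5.png and /index/3.png, the css-ref-404 check for the four /images_osp/ paths, and dyndns-host for every request to the scanned site; the OCSP and Pocket traffic produces nothing. None of the three is proof of malicious intent on its own, which is why the report tags the page as suspicious rather than malicious.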
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 08:34:22 GMT
Date: Thu, 23 Mar 2023 06:39:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 08:34:22 GMT
Date: Thu, 23 Mar 2023 06:39:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 08:34:22 GMT
Date: Thu, 23 Mar 2023 06:39:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 08:34:22 GMT
Date: Thu, 23 Mar 2023 06:39:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 08:34:22 GMT
Date: Thu, 23 Mar 2023 06:39:48 GMT
Connection: keep-alive
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d837d4e-ce18-46d7-b240-75b9b4a896bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12642
x-amzn-requestid: 4bd678ba-79b1-4dc1-a58a-a7fe6e2e933b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFV8EQfoAMFs5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b5bf-3a673c87370eede03c329782;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:11:59 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7DW11CRYwJcnBjhBMu9dn7asNdVaQyWZ0D_xWiEHXHiuzdmLgq97wg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 12:41:07 GMT
age: 64721
etag: "fc3a53367d844a13ec4b9742fd86954e8c187245"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12642
Md5:    ba2db8d73f3c451a15890457345a7f44
Sha1:   fc3a53367d844a13ec4b9742fd86954e8c187245
Sha256: da47b2bde2a7bbca671b6d39f193ff4aaf4ef64d7e6586a62a8c026094ade6c7

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 4xGMCVWy2EXLLN8keteGLQvQjOp6KH97rkn_FK10eyng0-5EudcOig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:33 GMT
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
age: 32175
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4912
Md5:    f4a771935927950222124e14b56046df
Sha1:   d07fe53e4ac41048497b2732c017f6666c3eda9e
Sha256: 4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10816
x-amzn-requestid: 60a537d2-1b8a-4ae2-967c-a7e57c818cc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xY0EHqoAMFrrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6415629e-1be08f9f3a13492717fdaa48;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vDHHtzyodFMqzVuaPCmaEfKrHTLjTL8d25c9PJjPXAdyN-SYJC1NGA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:58:21 GMT
age: 27687
etag: "ee683e481a4501d2ab8ca63d1426d6fab6f2b064"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10816
Md5:    f3aa18378fc5715083fb26bd0d62f382
Sha1:   ee683e481a4501d2ab8ca63d1426d6fab6f2b064
Sha256: 8aade71c4b55f6a9daab28a05a90bcc3c6c01b700aa48d2f8ccdb1992fa5ee81

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10284
x-amzn-requestid: 646b9c7c-8874-46c4-b46b-acead73e2320
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFcVGu7IAMFsQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b5e8-59436f1f66e52618400b47ff;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:12:40 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: qYJy52mX-LR-k_ReZsbSoJZP7ZZzTPykWjX4OKtzJcIzJNBmzLEClw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 07:29:06 GMT
age: 83442
etag: "5035ed41f497c97faefae9cdaf42dc07ab468557"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10284
Md5:    4e89d0b1281259e7399294fb5fa19d2b
Sha1:   5035ed41f497c97faefae9cdaf42dc07ab468557
Sha256: f404d286deab5b4759be6e554e6488faab3b4f7988a86eb57520dac4e0d6a192

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4905
x-amzn-requestid: bdcd62f9-d742-48af-9aa0-b13afc1846ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9EnFLIoAMF5cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b7550-63fc3df77b023fca782a53ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:38:24 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: we0zl0U_rfWuSW8_WX8vqLOYOCoeGP-4UUNb0r3f0mEICnLXASqC5A==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 03:39:03 GMT
age: 10845
etag: "4f25bdbffca3803b02c196c38491223684d36b4d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4905
Md5:    90f64fe111aa6e90ebf52e0335d21b75
Sha1:   4f25bdbffca3803b02c196c38491223684d36b4d
Sha256: 37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 02:49:25 GMT
age: 13823
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4000
Md5:    85351059b67b0a42eda7e69a31b3b4b4
Sha1:   b798268806dc2f79f033e5872676019faf0e0cc1
Sha256: 86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
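The report records each response's headers and the body's size and digests, but not the body itself. The Python below is an added example, not part of the urlquery report or its tooling: it parses one transaction in the layout shown above (request block, blank line, responder IP, response block, then the "--- Additional Info ---" key/value lines) and cross-checks what the headers claim against what was recorded: Content-Length against Size, the CDN ETag against the body SHA-1 (for all six img-getpocket.cdn.mozilla.net responses above they are the same digest), and Content-Type against the file magic. It also decodes the upstream S3 URL that the thumbnail proxy path carries percent-encoded, flags the "Origin: null" request header, and, when body bytes are available, recomputes the digests. The sample transaction is a constructed copy of the first img-getpocket fetch with headers trimmed; the function names and the assumed dump layout are this example's own.

```python
import hashlib
import re
from urllib.parse import unquote

# Constructed sample: the first img-getpocket.cdn.mozilla.net transaction from
# the capture above, with some headers dropped for brevity.
SAMPLE_TRANSACTION = """\
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d837d4e-ce18-46d7-b240-75b9b4a896bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Origin: null
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12642
etag: "fc3a53367d844a13ec4b9742fd86954e8c187245"
cache-control: max-age=3600,public,public

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   12642
Md5:    ba2db8d73f3c451a15890457345a7f44
Sha1:   fc3a53367d844a13ec4b9742fd86954e8c187245
Sha256: da47b2bde2a7bbca671b6d39f193ff4aaf4ef64d7e6586a62a8c026094ade6c7
"""


def _headers(lines):
    """'Name: value' lines -> dict with lowercased names (first ':' splits)."""
    hdrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            hdrs[name.strip().lower()] = value.strip()
    return hdrs


def parse_transaction(text):
    """Split a dump into request line/headers, responder IP, status line/headers
    and the recorded 'Additional Info' (magic, size, md5, sha1, sha256)."""
    head, _, info_text = text.partition("--- Additional Info ---")
    blocks = [b for b in re.split(r"\n\s*\n", head.strip()) if b.strip()]
    if len(blocks) < 2:
        raise ValueError("expected a request block and a response block")
    req_lines = blocks[0].strip().splitlines()
    resp_lines = blocks[1].strip().splitlines()
    responder_ip = None
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", resp_lines[0].strip()):
        responder_ip = resp_lines.pop(0).strip()
    info = {}
    for line in info_text.strip().splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip().lower()] = value.strip()
    return {
        "request_line": req_lines[0].strip(),
        "request_headers": _headers(req_lines[1:]),
        "responder_ip": responder_ip,
        "status_line": resp_lines[0].strip(),
        "response_headers": _headers(resp_lines[1:]),
        "info": info,
    }


def check_transaction(tx):
    """Header claims vs recorded body facts; returns a list of discrepancies."""
    findings = []
    resp, info = tx["response_headers"], tx["info"]
    if "size" in info and "content-length" in resp and int(resp["content-length"]) != int(info["size"]):
        findings.append(f"content-length {resp['content-length']} != recorded body size {info['size']}")
    etag = resp.get("etag", "").strip('"').lower()
    sha1 = info.get("sha1", "").lower()
    # Only a 40-hex ETag can be compared with the SHA-1; other ETag schemes are skipped.
    if etag and sha1 and re.fullmatch(r"[0-9a-f]{40}", etag) and etag != sha1:
        findings.append(f"etag {etag} is SHA-1-shaped but differs from body sha1 {sha1}")
    ctype = resp.get("content-type", "").split(";")[0].strip().lower()
    magic = info.get("magic", "").lower()
    if ctype == "image/jpeg" and not magic.startswith("jpeg image data"):
        findings.append(f"content-type {ctype} but file magic is: {magic[:40]}")
    return findings


def opaque_origin(tx):
    """'Origin: null' is the serialization of an opaque origin (sandboxed document,
    non-web scheme, or a request that crossed a cross-origin redirect). It names
    no site, so it is not evidence that a particular web page made the request."""
    return tx["request_headers"].get("origin") == "null"


def upstream_url(request_line):
    """Recover the origin URL embedded percent-encoded at the end of the
    thumbnail proxy path (/WxH/filters:.../https%3A%2F%2F...)."""
    path = request_line.split()[1]
    m = re.search(r"/(https?%3A%2F%2F\S+)$", path)
    return unquote(m.group(1)) if m else None


def verify_body(body, info):
    """With real body bytes, recompute size and digests; return recorded keys that disagree."""
    actual = {"size": str(len(body)), "md5": hashlib.md5(body).hexdigest(),
              "sha1": hashlib.sha1(body).hexdigest(), "sha256": hashlib.sha256(body).hexdigest()}
    return [k for k, v in actual.items() if k in info and info[k].lower() != v]


if __name__ == "__main__":
    tx = parse_transaction(SAMPLE_TRANSACTION)
    print(tx["responder_ip"], tx["status_line"], upstream_url(tx["request_line"]))
    print("findings:", check_transaction(tx) or "none", "| opaque origin:", opaque_origin(tx))
```

The ETag-equals-SHA-1 check is only meaningful where the origin uses that scheme, as this CDN does for the six image responses above; many servers derive ETags from inode and mtime or send weak (`W/`) validators, so a mismatch is a prompt to fetch and hash the body with `verify_body`, not proof of tampering.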