Report - alaskaus1a.dynamic-dns.net/78acae92e99e6a5e2d8ad3e3e8c45d49/?cont=QERldmlsbWFzazA5&token=f392e5c54c86e12a87d20c8063cab1b9907c79c665e225f7bed582011be4bbc6db878f5fc432bef8f38e209fa43b97a87621fd53219fc13c207b420566c5343d

Report Overview

URL

alaskaus1a.dynamic-dns.net/78acae92e99e6a5e2d8ad3e3e8c45d49/?cont=QERldmlsbWFzazA5&token=f392e5c54c86e12a87d20c8063cab1b9907c79c665e225f7bed582011be4bbc6db878f5fc432bef8f38e209fa43b97a87621fd53219fc13c207b420566c5343d
IP

137.184.184.135

ASN

#14061 DIGITALOCEAN-ASN
Submitted

2022-12-28T07:54:29Z

Access
Tags

dyndns
urlquery detections

Suspicious - DynDNS domain

Detections

urlquery

42
Network Intrusion Detection

43
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
diffuser-cdn.app-us1.com (1)	8451	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390	20960	104.17.145.91
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
alaskaus1a.dynamic-dns.net (41)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	25871	873242	137.184.184.135
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	391	99883	142.250.74.168
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	908	572	216.239.32.36
js.adsrvr.org (1)	1664	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377	2391	143.204.45.46
prism.app-us1.com (1)	8479	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	619	462	104.17.146.91
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	35.241.9.150
ocsp.digicert.com (8)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2728	5355	93.184.220.29
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.35.143.109
devilsms.live (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1179	71751	199.188.200.254
ocsp.pki.goog (7)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2401	4897	216.58.211.3
apps.mypurecloud.com (1)	13135	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390	7507	174.129.175.90
www.google-analytics.com (1)	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382	20685	142.250.74.110
www.google.com (1)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	875	757	142.250.74.164
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	874	757	142.250.74.163
insight.adsrvr.org (1)	631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	767	262	15.197.193.217
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
ocsp.sectigo.com (1)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340	964	104.18.32.68
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	627	720	209.85.233.155
r3.o.lencr.org (9)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3042	7980	23.36.77.32
img-getpocket.cdn.mozilla.net (7)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3801	66665	34.120.237.76
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1004	143.204.42.165
www.facebook.com (1)	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	836	349	31.13.72.36
cdn.cookielaw.org (5)	502	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2253	100651	104.16.148.64
bat.bing.com (3)	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2114	13693	204.79.197.200
cdnjs.cloudflare.com (3)	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1375	150787	104.17.25.14
connect.facebook.net (1)	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383	28579	31.13.72.12
googleads.g.doubleclick.net (1)	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	895	1971	142.250.74.130

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2022-12-28T07:54:13Z	medium	Client IP	Internal IP	ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain
2022-12-28T07:54:13Z	medium	Client IP	Internal IP	ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain
2022-12-28T07:54:14Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:14Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:15Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:16Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:17Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:18Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:19Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:19Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
2022-12-28T07:54:19Z	medium	Client IP	137.184.184.135	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (107)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e717435470c9f4f06b174d7100c6a98f

292150251495b243c384e0c676a258597ba7f4d8

91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9906
Expires: Wed, 28 Dec 2022 10:39:24 GMT
Date: Wed, 28 Dec 2022 07:54:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

78f1f94544ef06b96bb43283f59d100f

fa2f1a3730a98c6fa5ebf976143fb6093a7298be

889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4508
Expires: Wed, 28 Dec 2022 09:09:26 GMT
Date: Wed, 28 Dec 2022 07:54:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

07e619a5a572fa9bcb54fa70de27f0d4

c0499dcc7551831f517f189465812859d0f48ced

2213c856ce4dd64ebe28e4deff34d449b2c08be98565c0405427453ae948fa74

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2213C856CE4DD64EBE28E4DEFF34D449B2C08BE98565C0405427453AE948FA74"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13142
Expires: Wed, 28 Dec 2022 11:33:20 GMT
Date: Wed, 28 Dec 2022 07:54:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

30db107dcf4380cef05efea409c2e6a3

96e6a306fbc07299aba64e5c14e2bfca35872fa9

b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 28 Dec 2022 07:46:45 GMT
content-type: application/json
age: 453
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

b1fcd419a4245617397846e8d17233f6

2a037ce244587640b27ead9a0ec2af4f862d91b2

e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: LFdrtlvaaEh1MhMYxFwgjfURnxOBw8Vs4z9ZbJh954ZeQkF7HW665EIYlTwn7ZcLKd200zMACks=
x-amz-request-id: BVM26QACG0MJH1ND
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 28 Dec 2022 06:56:03 GMT
age: 3495
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Wed, 28 Dec 2022 07:54:18 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

alaskaus1a.dynamic-dns.net/78acae92e99e6a5e2d8ad3e3e8c45d49/?cont=QERldmlsbWFzazA5&token=f392e5c54c86e12a87d20c8063cab1b9907c79c665e225f7bed582011be4bbc6db878f5fc432bef8f38e209fa43b97a87621fd53219fc13c207b420566c5343d

137.184.184.135

302 Found

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/78acae92e99e6a5e2d8ad3e3e8c45d49/?cont=QERldmlsbWFzazA5&token=f392e5c54c86e12a87d20c8063cab1b9907c79c665e225f7bed582011be4bbc6db878f5fc432bef8f38e209fa43b97a87621fd53219fc13c207b420566c5343d
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /78acae92e99e6a5e2d8ad3e3e8c45d49/?cont=QERldmlsbWFzazA5&token=f392e5c54c86e12a87d20c8063cab1b9907c79c665e225f7bed582011be4bbc6db878f5fc432bef8f38e209fa43b97a87621fd53219fc13c207b420566c5343d HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 07:54:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86; path=/
Location: ../index.php
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 28 Dec 2022 07:33:30 GMT
age: 1248
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

alaskaus1a.dynamic-dns.net/index.php

137.184.184.135

302 Found

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/index.php
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /index.php HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 07:54:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 2a865de28ec099bf6b241f41aa2a056e?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

60b8396db0bbfa5f2ae7e34c9d04ebcc

50b6c68aa2b2a459315a9989f5d3e326e8ad5539

c10a1e0f984b121958a5cfa3b45b746db85d33c9073fcacb019d9bb27ef3b073

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3055
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:19 GMT
Last-Modified: Wed, 28 Dec 2022 07:03:24 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.35.143.109

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.35.143.109:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EvMmlDBpOexz+GgWFOUNWg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: e0vQ0caPPjqyz/Hcarrz1ysv0l4=

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe

137.184.184.135

301 Moved Permanently

436

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

436
Hash

961c946fe0e71991ef73eb92ab113068

38d79430afc4c1e55bc1eeddf813e9ff754dc55c

51a0fbcd18ef99abecd82933a896d4c122306a40384617bf5757a6f2fcde8e92

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /2a865de28ec099bf6b241f41aa2a056e?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2022 07:54:19 GMT
Server: Apache
Location: http://alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Content-Length: 436
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

aaa1370e3342c33327dfd816c73e1435

8fb6511de801b02b33ba5b922ef11a841acb3e5a

f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5404
Cache-Control: max-age=136846
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:20 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:55:06 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

5631

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP

104.17.25.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (30837)

Size

5631
Hash

109d1ed85cd01f9cdab73a4cac5bf80d

d6c6498ad46de2d8e2008a8ff68e364ae7f16b32

8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

                                        GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:20 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 558133
expires: Mon, 18 Dec 2023 07:54:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7wkhf549lk%2Fx83vup4m%2BschjxHfhCO%2F3mAU5nhovdff70dNvkjOAl%2BQQ6sVq1JFlLaKC7fsezjdTbIhu%2F4ydGDL7ItrnkcER89Faj11ikv3F4HXxV8HwxfrNpQUCO5Tprw7ouT2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7808ba37d9a70b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

aaa1370e3342c33327dfd816c73e1435

8fb6511de801b02b33ba5b922ef11a841acb3e5a

f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5404
Cache-Control: max-age=136846
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:20 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:55:06 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css

104.17.25.14

200 OK

15248

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css
IP

104.17.25.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65317)

Size

15248
Hash

eaa2e9825d0aa4108e5c61a9058f5434

2c855186ced95e99325836c2af8b9cc2e823848a

65b91a9d675a0b22b90132b403e14db1fe82496a45c2a077ddecb2452e929077

HTTP Headers

                                        GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alaskaus1a.dynamic-dns.net
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:20 GMT
content-type: text/css; charset=utf-8
content-length: 15248
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "620188b3-3b90"
last-modified: Mon, 07 Feb 2022 21:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1783799
expires: Mon, 18 Dec 2023 07:54:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G7jmDxuEOxgEOmNeipTRnjI6ZoUrdYztfEnlo6KSJOxB0R876Rvss3F6uYHThSflt%2BFaGuexaAysmpd%2BL80E2%2FtS0yj%2FXB3gInyGz6t6CTXNTGmm3t18rkxRCMh4foV65RLLjDdt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7808ba37fe3bb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

3130754e3b8ed3b210e00966aa579f0e

8d5b8f398fb17b9de7b8c825dd8d7eccfc1d9587

fffa7d428ef47447418b322ab16b038dd3a277639d8852a51de2c7de8d15fa3c

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5595
Cache-Control: max-age=86303
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:20 GMT
Etag: "63aa8e70-117"
Expires: Thu, 29 Dec 2022 07:52:43 GMT
Last-Modified: Tue, 27 Dec 2022 06:19:28 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2783127a63c78cb5ac02e1a31631bfca

a26af5a37bbb43d4258282640749ced026ba9560

cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 28 Dec 2022 11:05:42 GMT
Date: Wed, 28 Dec 2022 07:54:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2783127a63c78cb5ac02e1a31631bfca

a26af5a37bbb43d4258282640749ced026ba9560

cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 28 Dec 2022 11:05:42 GMT
Date: Wed, 28 Dec 2022 07:54:20 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd91057dd-978b-4fb5-b0a3-5ed8624f726a.jpeg

34.120.237.76

200 OK

6009

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd91057dd-978b-4fb5-b0a3-5ed8624f726a.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6009
Hash

f810df3c7a9cc088b68a912023460d35

76c0e59325b5c046cf68c0268374df317b81be97

a46f2bc69415ce3b749a2765e98e0c2aad012050fa784d7326a0142a6a41a4dd

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd91057dd-978b-4fb5-b0a3-5ed8624f726a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6009
x-amzn-requestid: 25333cb9-5ba3-44d1-8862-2cc2658b64fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z_MGbeoAMFrSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66c7-23af33ff50839c6834137df3;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zrKFx2R1kV0xsxMyBEjpW3uSid0Kt6HLP92p7WhRcAQLUTq9mTuTmA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:42:31 GMT
etag: "76c0e59325b5c046cf68c0268374df317b81be97"
content-type: image/jpeg
age: 36709
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/otSDKStub.js

104.16.148.64

200 OK

7151

URL HTTP/2

cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP

104.16.148.64:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (21747)

Size

7151
Hash

4292e44eba0796aac4d0b7aab80daec2

8131fd92ed85c9e8378d78e2b668cd7163fdf875

0deff459ca0049e97fc03f4a80660ef7e69185057ffdcd1a462cd3bcaffb6e5b

HTTP Headers

                                        GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:20 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: QpLkTroHlqrE0LequA2uwg==
last-modified: Wed, 21 Dec 2022 07:32:46 GMT
etag: 0x8DAE3258E5CB56A
x-ms-request-id: 6bd0e487-b01e-00a1-089a-15167d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 21861
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7808ba380cc6fab4-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12122

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d46878b-33b3-4376-b34b-4fce3b5aae99.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12122
Hash

23fa4f1ff5e70770062647e80c6b1a69

0d8cd5871878956468ccdb4ede3038869b4d2471

b44606410e34542fb5db0aa9382e43db89cd9fcf94eb4f0ec1d8b874c0d681b7

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d46878b-33b3-4376-b34b-4fce3b5aae99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12122
x-amzn-requestid: 7fae254c-4ff4-459c-a8bc-bccaa94e4bec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: du_QiEZfoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a91269-2cb2cd547899b93f47e3d901;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 03:18:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: p-sl6pCUlvaycZ2Z5QH4lbWVCL-VgK5gU7K17clcYYWvR4ZB0BPdpQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 03:36:09 GMT
age: 15491
etag: "0d8cd5871878956468ccdb4ede3038869b4d2471"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?matcher

137.184.184.135

200 OK

1713

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?matcher
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

ASCII text

Size

1713
Hash

9bed8a3055a7d97e2d28eb30fc0df992

0430ea56087da3489c26f3390fad8fecfabe9e18

144a259a5498b4d784eec2e72a9cf689203c3ce48b574c9af21b4e258cfc851c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?matcher HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86

                                        HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:20 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:18 GMT
Accept-Ranges: bytes
Content-Length: 1713
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2783127a63c78cb5ac02e1a31631bfca

a26af5a37bbb43d4258282640749ced026ba9560

cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 28 Dec 2022 11:05:42 GMT
Date: Wed, 28 Dec 2022 07:54:20 GMT
Connection: keep-alive

34.120.237.76

200 OK

10839

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f83de5-47cd-4586-9dca-ab7c314cbd0e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10839
Hash

d9dcccae2018607dee1459081249c91e

2ecfa42f64013afc536c16fcd2250d8229f81654

41839d89192ec4771a6cd5a431617c0b7855701f93c722d025d3f056f109b552

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f83de5-47cd-4586-9dca-ab7c314cbd0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10839
x-amzn-requestid: 70cc8d68-0917-472f-9d64-1d4f708791e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0yuVGkHoAMFskg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64c1-2aba103f6a75466c19ddbbd6;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lScTBikZKapio1FOewnfcSCiGyEpXxtMQztgLj-GROHqQ01VEgAnjw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:51:12 GMT
age: 36188
etag: "2ecfa42f64013afc536c16fcd2250d8229f81654"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2783127a63c78cb5ac02e1a31631bfca

a26af5a37bbb43d4258282640749ced026ba9560

cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 28 Dec 2022 11:05:42 GMT
Date: Wed, 28 Dec 2022 07:54:20 GMT
Connection: keep-alive

34.120.237.76

200 OK

5577

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd238a41-5dd3-4a9e-80cd-17fdf75ee403.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5577
Hash

50a3433c386a2d8435a10b572d986161

a97620796ae1a146e719f4a46e98c57a4af472ed

b4954da0a678a4df8c3dd7df0376c04c446fad03b94f6363938b29b0b58b782a

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd238a41-5dd3-4a9e-80cd-17fdf75ee403.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5577
x-amzn-requestid: b9f47205-66da-4ef7-bf83-f237bd4dd9e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0ys9FYKoAMFwWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64b9-5bcf6f3b23d1f2b1206c91cc;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BynwJdv-JV-UFO98M3C5ZZIJqbx7wVQkR6aJAgJHAzuDGih4D-Izug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:42:19 GMT
age: 36721
etag: "a97620796ae1a146e719f4a46e98c57a4af472ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2783127a63c78cb5ac02e1a31631bfca

a26af5a37bbb43d4258282640749ced026ba9560

cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 28 Dec 2022 11:05:42 GMT
Date: Wed, 28 Dec 2022 07:54:20 GMT
Connection: keep-alive

34.120.237.76

200 OK

5961

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1983375a-46e7-4d3c-b100-9baafabc9959.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5961
Hash

7b7f0c866bf3ac4531371ad2060951b5

48251361ab12813116d9aba69bb646bf11e54b76

33eacdc9a4c0f1c0494c153e6c8bf8dcebb5d1447aeb22fb2a799f2b631f4da7

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1983375a-46e7-4d3c-b100-9baafabc9959.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5961
x-amzn-requestid: 527254dd-5774-4b0a-92c6-b03385ea17e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0m_gHFZoAMF8gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab51fc-6808bf07003234666b176f10;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 20:13:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BEjsTYluC9DE846mwrcRYOm-r-V18WVbsV1T8OJJC-KcMhllzHhuQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 06:27:45 GMT
age: 5195
etag: "48251361ab12813116d9aba69bb646bf11e54b76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10914

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe69c29db-caec-401a-8056-6c2c58e33dfd.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10914
Hash

369bb708ac21a9219cae15dbf33fd225

64885e8ead4ee24b43274ada628ab47cba6c6703

04ba2c600a01344d2cb3fbd2fb5e1dc17d12d018e685f55870da70cd5a85b1ab

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe69c29db-caec-401a-8056-6c2c58e33dfd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10914
x-amzn-requestid: 86f79e43-1faa-431d-b88a-6e1baaabb1cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z9YF1AIAMFyKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66bb-6b418d8b0ceb68a92ec5cbd9;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_JJ9v1Rh7VMWqzK6YtQvYy48CXwwv3x7CA_kuqpZdxSnc3VscWIiw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:42:20 GMT
etag: "64885e8ead4ee24b43274ada628ab47cba6c6703"
content-type: image/jpeg
age: 36720
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

aaa1370e3342c33327dfd816c73e1435

8fb6511de801b02b33ba5b922ef11a841acb3e5a

f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5404
Cache-Control: max-age=136846
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:20 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:55:06 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/css/akusafonts.css

137.184.184.135

200 OK

4745

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/css/akusafonts.css
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

ASCII text, with CRLF line terminators

Size

4745
Hash

7bca826d32f3e3f41c0df8f236402ca9

9880a8aade6efaf4d80ec22a4b0976185ee37d36

91c30fc9915df9e1e486290b11d4ea724b0473b64c02d77bbbf1d8d03b75714e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /2a865de28ec099bf6b241f41aa2a056e/css/akusafonts.css HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86

                                        HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:20 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:18 GMT
Accept-Ranges: bytes
Content-Length: 4745
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/js/jquery/acc-slick/slick.css

137.184.184.135

200 OK

10282

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/js/jquery/acc-slick/slick.css
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

Unicode text, UTF-8 text, with CRLF line terminators

Size

10282
Hash

769a0502a4414f3bb603934aa889b898

b35c6585cd3a533984b722815a93e041bcbb3378

7251e3e953dddf94f980a48e24415230d30695550b508f6ff651332adcbf23da

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /2a865de28ec099bf6b241f41aa2a056e/js/jquery/acc-slick/slick.css HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86

                                        HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:20 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:18 GMT
Accept-Ranges: bytes
Content-Length: 10282
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?async

137.184.184.135

200 OK

1713

URL HTTP/1.1

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?async
IP

137.184.184.135:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

ASCII text

Size

1713
Hash

9bed8a3055a7d97e2d28eb30fc0df992

0430ea56087da3489c26f3390fad8fecfabe9e18

144a259a5498b4d784eec2e72a9cf689203c3ce48b574c9af21b4e258cfc851c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain

HTTP Headers

                                        GET /2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?async HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/?cont=QERldmlsbWFzazA5&token=0308e58c62ad2bb2692e15104a25aacd9cecc2313d1e97d9d9a8b1c4b1543a997f360416f71aa6159589e74d4b6ade11b4cc85e8652cfa887b74452beeb247fe
Cookie: PHPSESSID=d4f89910226cbba1e75e43ac8de82b86

                                        HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:20 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:18 GMT
Accept-Ranges: bytes
Content-Length: 1713
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

alaskaus1a.dynamic-dns.net/2a865de28ec099bf6b241f41aa2a056e/alaska-common.js?cache

137.184.184.135

200 OK

1713

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (40)

#1 JS:Script (size: 21748)

#2 JS:Script (size: 172)

#3 JS:Script (size: 150943)

#4 JS:Script (size: 349017)

#5 JS:Script (size: 113142)

#6 JS:Script (size: 9771)

#7 JS:Script (size: 21)

#8 JS:Script (size: 6314)

#9 JS:Script (size: 3346)

#10 JS:Script (size: 728)

#11 JS:Script (size: 91213)

#12 JS:Script (size: 299639)

#13 JS:Script (size: 512)

#14 JS:Script (size: 20584)

#15 JS:Script (size: 536)

#16 JS:Script (size: 21)

#17 JS:Script (size: 39125)

#18 JS:Script (size: 573)

#19 JS:Script (size: 91138)

#20 JS:Script (size: 2269)

#21 JS:Script (size: 4593)

#22 JS:Script (size: 128)

#23 JS:Script (size: 21)

#24 JS:Script (size: 21)

#25 JS:Script (size: 14977)

#26 JS:Script (size: 1713)

#27 JS:Script (size: 42)

#28 JS:Script (size: 24240)

#29 JS:Script (size: 93486)

#30 JS:Script (size: 21)

#31 JS:Script (size: 105105)

#32 JS:Script (size: 65286)

#33 JS:Script (size: 0)

#34 JS:Script (size: 369)

#35 JS:Script (size: 1408)

#36 JS:Script (size: 176)

#37 JS:Script (size: 229537)

#38 JS:Script (size: 3257)

#39 JS:Script (size: 3737)

#40 JS:Script (size: 50230)

HTTP Transactions (107)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP