| rhqahdsxyu.duckdns.org/ |  45.88.168.188 | 301 Moved Permanently | 162 B |
IP45.88.168.188:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 31 Mar 2023 16:20:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://rhqahdsxyu.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| r3.o.lencr.org/ |  23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashcca063332ba9a89eadd62a8dd7f81a9b d473b2a7a32c964599ff3bac8f98fa578f03d1d1 02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19253
Expires: Fri, 31 Mar 2023 21:41:28 GMT
Date: Fri, 31 Mar 2023 16:20:35 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash7af19a5145a4ee99bdf18831bad04bfd 7bdd2a4785b999ef54a2644211d2b2b7190fb8e1 3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10988
Expires: Fri, 31 Mar 2023 19:23:43 GMT
Date: Fri, 31 Mar 2023 16:20:35 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash84db75194692d4afe13196bda6f22da8 4c1f49bc973a4917f146d93c8d598344edc021f6 a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 15:28:25 GMT
content-type: application/json
age: 3130
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash76218c893040d958ae1c4231cdd2133c 6a7b336dee91d4aec26ace0a5883ecdfac52e68f d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6777
Expires: Fri, 31 Mar 2023 18:13:32 GMT
Date: Fri, 31 Mar 2023 16:20:35 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashe7bace7c1e04d44012e37ddffe36e5d5 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 52YJOGfLj7+M/RsJpeo9ZElNhUq/vvw4CnBnoM5AJCE/Qx1o/QgEfxtMWrheRIp5Pkys/tsr2hs=
x-amz-request-id: F237AGT4Q6JDF99V
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 16:12:15 GMT
age: 500
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:35 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hasha42d0f2cf4eda836602842839978a456 2fc07aed0f89885f375ed104ee2b1f54a9f6fc14 8a2e68733157cf87da93bb855af51f1e724ef2ecc3e52a1e9cfb554e93e21ccb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A2E68733157CF87DA93BB855AF51F1E724EF2ECC3E52A1E9CFB554E93E21CCB"
Last-Modified: Fri, 31 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Fri, 31 Mar 2023 22:20:12 GMT
Date: Fri, 31 Mar 2023 16:20:36 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashae064c74a3769d42109473ad05d56fb9 d48029ab8568cee6ab7416d3b476ed792d780a56 9852216f395a42f7b4792e852f9f9fa83e07d917a979237d5d7406a1d74edc4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9852216F395A42F7B4792E852F9F9FA83E07D917A979237D5D7406A1D74EDC4F"
Last-Modified: Wed, 29 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4585
Expires: Fri, 31 Mar 2023 17:37:01 GMT
Date: Fri, 31 Mar 2023 16:20:36 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Expires, Pragma, Content-Length, ETag, Backoff, Cache-Control, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 16:17:26 GMT
age: 190
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 34.117.65.55 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP34.117.65.55:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LH358oKUffHQyIGrNmXUig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tI8j3/j5Dlps0ZXuglfxzVGqTMw=
Date: Fri, 31 Mar 2023 16:20:36 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rhqahdsxyu.duckdns.org/static/au_order/common1.css | 45.88.168.188 | 200 OK | 297 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/common1.css IP45.88.168.188:0
File typeASCII text, with CRLF, LF line terminators Hashe7747efc8e18c6821fe0db00205d7055 4d445d9637714edc0ac98addbf15b44f74e2ccf0 794faba0f02ad0e41635aa0d230de01811c967c10272f39c8ce05af1bb7aac78
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/common1.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
content-length: 297
last-modified: Wed, 15 Jun 2022 08:36:22 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/hyahoo/model/common.css | 45.88.168.188 | 200 OK | 899 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/hyahoo/model/common.css IP45.88.168.188:0
File typeassembler source, ASCII text, with CRLF line terminators Hash54e1a6b67454ad54a93396e16208b7df 2271251393876e1662d5a0d08654d86132c0d2dc 70fe796ea3872a4f96dc3603b7b4e26fef3415acd88d5667ceca0e00bb444d64
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hyahoo/model/common.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
content-length: 899
last-modified: Tue, 21 Jun 2022 09:32:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/bootstrap-mini.css | 45.88.168.188 | 200 OK | 3.2 kB |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/bootstrap-mini.css IP45.88.168.188:0
Hashdfa1219ec28cb8c4bbbf85e4449e6ab7 d72c563dacd8dc9c4c16f7ff017813cce8e114f5 4d97d1da32be03000780b86172613da10a2fd77271de70c2a72b58984104f107
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/bootstrap-mini.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/styles1.css | 45.88.168.188 | 200 OK | 224 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/styles1.css IP45.88.168.188:0
Hashc605b424176e2b3541570e9ebd66830b 742f776e24d609ac28b81fa32db0accd2b1c775f 2529e6744614421fbd4dbeaacc8d5dcda829fb233eb8cee1d45cb6f1bafbec80
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/styles1.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
content-length: 224
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/main.css | 45.88.168.188 | 200 OK | 1.4 kB |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/main.css IP45.88.168.188:0
Hash419a5e9f37881561ea9af75bc6a57f13 5df7802556f04a0c308420fbefe632c77303bc73 95178298c73987687a2b9b798e4bccc8ecd8fea7ede107aa0a028973d366ac1c
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/main.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/images/addbtn.png | 45.88.168.188 | 200 OK | 1.8 kB |
URL HTTP/2rhqahdsxyu.duckdns.org/static/images/addbtn.png IP45.88.168.188:0
File typePNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data Hash096260c380940a324f8c54a213767bc2 0524bdeb61878e31c86c768155b3c8dc2a089e32 49847668da37879eb6a402f633bb0b55e33f92de4e64e159fcfeef9e3a1e34b4
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/images/addbtn.png HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: image/png
content-length: 1849
last-modified: Wed, 15 Jun 2022 08:28:34 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/hyahoo/model/circle_icon.png | 45.88.168.188 | 200 OK | 3.6 kB |
URL HTTP/2rhqahdsxyu.duckdns.org/static/hyahoo/model/circle_icon.png IP45.88.168.188:0
File typePNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced\012- data Hash6bcdd355211ea388a87413d974ebe7a8 42aba13f710545481e2771d8493db5d1cd9a949a d316f7ba5748503fdeae7f6fbfd9d43ca14dc359908292ea53c961577e0ec61c
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hyahoo/model/circle_icon.png HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: image/png
content-length: 3579
last-modified: Tue, 21 Jun 2022 07:16:48 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 |  104.18.21.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP104.18.21.226:0
Hashb52450136401261d519e4e86329177ab 0f225c3cc5169b42e1baf42ad8701abf01733424 d4914f8bdb668bb4943b4e76e19c81fc59ab9ec6ccafdd45ca68f9407ef19ece
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 16:20:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 04 Apr 2023 13:52:48 GMT
ETag: "0f225c3cc5169b42e1baf42ad8701abf01733424"
Last-Modified: Fri, 31 Mar 2023 13:52:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 242
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b09ebb79daa0b3d-OSL
|
|
| vpc.lifecard.co.jp/img/buy/conv_pay_seven8.jpg | 45.60.33.107 | 200 OK | 20 kB |
URL HTTP/2vpc.lifecard.co.jp/img/buy/conv_pay_seven8.jpg IP45.60.33.107:0
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 320x148, components 3\012- data Hash3e3430a89ac5fc28bb87b185339c1e65 439df1fdef4142e72ab9ce8edd616cdc0d703bc2 92a1133138f8025d9e3952e7a9c66feb1857f75621d02a1c79d478df2996b1d4
GET /img/buy/conv_pay_seven8.jpg HTTP/1.1
Host: vpc.lifecard.co.jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 20532
x-amz-id-2: 6R5sVmpTkWPiutD2IQCccH4AR93nLrYC1gUjxk1D7n6bF7u8w/kfVAbonFsgV+8vWIUQL201+vU=
x-amz-request-id: 272ZH5F0FHC07QKP
date: Fri, 31 Mar 2023 16:20:38 GMT
last-modified: Thu, 19 Aug 2021 03:36:25 GMT
etag: "3e3430a89ac5fc28bb87b185339c1e65"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _XT0iAKmL69VWl9N-2l5Fe4kQByQaPiDpQ7SqaNMDQ4D5Fjf9ZpyoA==
set-cookie: visid_incap_2644937=DUwF6h0jSOWoMbsb29c85FQIJ2QAAAAAQUIPAAAAAACQ3YuDCAHeneC89ZvMm9Bs; expires=Fri, 29 Mar 2024 22:16:26 GMT; HttpOnly; path=/; Domain=.lifecard.co.jp
nlbi_2644937=olXTb+1P8hrIFvQR1woipQAAAAD6k8+801d3PKBQJn3Wbpww; path=/; Domain=.lifecard.co.jp
incap_ses_275_2644937=nMlPD7ZLW0XReupVqf/QA1UIJ2QAAAAADBA5qr6m3SAntnU0NzQLLA==; path=/; Domain=.lifecard.co.jp
x-cdn: Imperva
x-iinfo: 13-19953003-19953006 NNNN CT(1 4 0) RT(1680279636332 16) q(0 0 0 0) r(0 10) U24
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash195589ff3c6c50463257f10da16de114 7119aeba010d5c5c224fa544feff6f1761739929 dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6252
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 16:20:37 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash195589ff3c6c50463257f10da16de114 7119aeba010d5c5c224fa544feff6f1761739929 dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6252
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 16:20:37 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg | 34.120.237.76 | 200 OK | 9.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashda174e6ccc9451c5071ba10eeb97f6f6 c38827a9ac1218768839877263e1f2984fbdc454 76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 10:41:48 GMT
age: 20329
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8a2b8f737604b7983cf686c82599dc73 aa63be93c4cd641f09ce0d5144ef60aab21caed1 78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L6tgzFrj9t69Rnfd9bziAPiROAX0tvcj9Kcg8sXkto8qRFeKqiwkpg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:17:06 GMT
age: 65011
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash0530376e431b6563796e4abb0db0bc4e 6921f4bd83a806e1ea8247854ad4c045fa7ee298 d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: jl5cQc_Zqq5xNDMcs5jRHb3HBIjuucl-JHF126hInXrOfv_CG-UqSg==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:18:02 GMT
age: 64955
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash39bdd16276747b1445a79e674a2a3347 d0676f63738484298a78b7abf7e4934c3d256065 67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 66767
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash424b55535e5fd622b2fc96aac1246324 cf7cf08aa8969a86bf03695af2129686fd62fe86 c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:48:08 GMT
age: 66749
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg | 34.120.237.76 | 200 OK | 5.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8600e41520408df4865627256a0a0736 dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef 9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: WnrfQr57EWYnXt1xJt9tr5XCuM3gPYULlDdEVpv2Q2kz7MDIPxSPKA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
age: 66767
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/new1.css | 45.88.168.188 | 200 OK | 1.3 kB |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/new1.css IP45.88.168.188:0
File typeUnicode text, UTF-8 text, with CRLF line terminators Hash794bcb56984c629c5628e7f2fa5c0fab 7c64d2de4e25bb39ccd31015f0bf792d65e2432b fcb9a5927b67362e2a7be476674aa1af19480d03e0f24321b96f8d099f2f6e28
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/new1.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 20 Jul 2022 08:12:58 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/ | 45.88.168.188 | 200 OK | 0 B |
IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/style2.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/style2.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/style2.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/reset.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/reset.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/reset.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/line_vk/css/yahoo_main.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/line_vk/css/yahoo_main.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/line_vk/css/yahoo_main.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 21 Jun 2022 06:50:58 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/js/jquery.loadmask.min.js | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/js/jquery.loadmask.min.js IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.loadmask.min.js HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/css/jquery.loadmask.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/css/jquery.loadmask.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/css/jquery.loadmask.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:44 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/js/jquery-3.3.1.min.js | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/js/jquery-3.3.1.min.js IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/favicon.ico | 45.88.168.188 | 404 Not Found | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/favicon.ico IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /favicon.ico HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81; __tins__21569861=%7B%22sid%22%3A%201680279636164%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201680281436164%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 31 Mar 2023 16:20:37 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/line_vk/model.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/line_vk/model.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/line_vk/model.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Sat, 18 Jun 2022 12:54:30 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/new.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/new.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/new.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/line_vk/form.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/line_vk/form.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/line_vk/form.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 15 Jun 2022 07:18:50 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/js/jquery.cookie.js | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/js/jquery.cookie.js IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rhqahdsxyu.duckdns.org/static/au_order/css/style.css | 45.88.168.188 | 200 OK | 0 B |
URL HTTP/2rhqahdsxyu.duckdns.org/static/au_order/css/style.css IP45.88.168.188:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/style.css HTTP/1.1
Host: rhqahdsxyu.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rhqahdsxyu.duckdns.org/
Cookie: sessionid=10e92e62a3ae81698bf1e5b1d490df81
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 16:20:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 30 Apr 2023 16:20:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|