Overview

URL ykdeckhxdg.duckdns.org/
IP45.12.138.122
ASNDEDIPATH-LLC
Location United States
Report completed2022-09-23 22:01:40 UTC
StatusLoading report..
urlquery Alerts DynDNS domain detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 ykdeckhxdg.duckdns.org/ National Tax Agency JAPAN
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-23 2 ykdeckhxdg.duckdns.org/ Phishing
2022-09-23 2 ykdeckhxdg.duckdns.org/static/js/jquery-3.3.1.min.js Phishing
2022-09-23 2 ykdeckhxdg.duckdns.org/static/js/jquery.cookie.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed
2022-09-23 2 ykdeckhxdg.duckdns.org Sinkholed


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ykdeckhxdg.duckdns.org (11) 0 2022-09-22 08:45:27 UTC 2022-09-23 15:34:57 UTC 45.12.138.122 Unknown ranking
mnemonic passive DNS js.users.51.la (1) 53024 2012-05-30 15:10:11 UTC 2022-09-23 04:03:03 UTC 103.143.19.103
mnemonic passive DNS www.nta.go.jp (1) 0 2022-06-02 22:30:28 UTC 2022-09-23 13:46:17 UTC 216.137.44.129 Domain (nta.go.jp) ranked at: 320855
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-23 16:32:04 UTC 18.165.201.103
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-23 04:34:39 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-23 04:49:01 UTC 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-23 04:33:41 UTC 34.117.237.239
mnemonic passive DNS ocsp.globalsign.com (3) 2075 2012-05-25 06:20:55 UTC 2022-09-23 04:45:50 UTC 104.18.20.226
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-23 13:41:12 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-23 05:02:25 UTC 100.20.30.105
mnemonic passive DNS ia.51.la (2) 59607 2017-10-31 08:01:51 UTC 2022-09-23 11:38:10 UTC 103.143.19.103
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-23 12:37:00 UTC 34.120.237.76


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.12.138.122

Date UQ / IDS / BL URL IP
2022-12-03 02:15:47 +0000
4 - 0 - 1 ttshhbiqeh.duckdns.org/ 45.12.138.122
2022-11-12 05:39:28 +0000
4 - 0 - 4 mllypjmzyj.duckdns.org/ 45.12.138.122
2022-11-12 01:36:08 +0000
4 - 0 - 4 hkiyduoxou.duckdns.org/ 45.12.138.122
2022-11-12 00:36:21 +0000
4 - 0 - 7 ghntywxonl.duckdns.org/ 45.12.138.122
2022-11-12 00:35:54 +0000
4 - 0 - 7 ewrgguogyy.duckdns.org/ 45.12.138.122

Last 5 reports on ASN: DEDIPATH-LLC

Date UQ / IDS / BL URL IP
2022-12-04 14:41:08 +0000
30 - 0 - 16 loxlvrvehq.duckdns.org/ 193.239.146.77
2022-12-04 14:39:08 +0000
32 - 0 - 16 lrovwexymg.duckdns.org/ 185.203.7.123
2022-12-04 14:37:09 +0000
11 - 0 - 15 dlroezdxfc.duckdns.org/ 193.187.128.214
2022-12-04 14:28:48 +0000
29 - 0 - 15 bkkanzuncy.duckdns.org/ 185.212.68.14
2022-12-04 14:26:48 +0000
30 - 0 - 16 bggjkkymsb.duckdns.org/ 185.212.68.14

Last 2 reports on domain: ykdeckhxdg.duckdns.org

Date UQ / IDS / BL URL IP
2022-10-09 09:53:57 +0000
11 - 0 - 23 ykdeckhxdg.duckdns.org/ 45.12.138.122
2022-09-23 22:01:40 +0000
12 - 0 - 25 ykdeckhxdg.duckdns.org/ 45.12.138.122

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-04 14:41:08 +0000
30 - 0 - 16 loxlvrvehq.duckdns.org/ 193.239.146.77
2022-12-04 14:39:08 +0000
32 - 0 - 16 lrovwexymg.duckdns.org/ 185.203.7.123
2022-12-04 14:28:48 +0000
29 - 0 - 15 bkkanzuncy.duckdns.org/ 185.212.68.14
2022-12-04 14:26:48 +0000
30 - 0 - 16 bggjkkymsb.duckdns.org/ 185.212.68.14
2022-12-04 14:26:14 +0000
30 - 0 - 16 avulryhxkm.duckdns.org/ 45.88.221.115


JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (38)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.103
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 21:05:15 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bfad1bfbe8b9892941877774853e07da.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: aNbZ8P0Y42RM86f-o0UfeK6plk2PmMP05j_cvJmfnOWqXvefwdsW2w==
Age: 3374


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8420
Expires: Sat, 24 Sep 2022 00:21:49 GMT
Date: Fri, 23 Sep 2022 22:01:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3A6AE794A80EAA269D47022EFFDF0D37E35427673E6D16B5F8EA28F744BAC928"
Last-Modified: Thu, 22 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7675
Expires: Sat, 24 Sep 2022 00:09:24 GMT
Date: Fri, 23 Sep 2022 22:01:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4981
Expires: Fri, 23 Sep 2022 23:24:30 GMT
Date: Fri, 23 Sep 2022 22:01:29 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: DC/bNczROHvDnIZI1YIac2t+Ef5pvpLLmyij/A3Tt7NjcA2dEDyTTo33CnJA5yBmm2Hs+Efm4pE=
x-amz-request-id: W3E3N331R95RV5QW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 21:47:14 GMT
age: 855
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /static/gs_vk/reset.css HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-374"
expires: Sat, 24 Sep 2022 10:01:30 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  CSV text\012- , ASCII text, with CRLF line terminators
Size:   884
Md5:    a77d6f26781539c015b1b1d84dac9c06
Sha1:   6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb
Sha256: e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/index.css HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 748
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-2ec"
expires: Sat, 24 Sep 2022 10:01:30 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   748
Md5:    91692497e479f6cc955e4de6d627a499
Sha1:   bb57de5c2d4dafee21f66645d776d3064f4b79bd
Sha256: de36d3e9e989de40ae0bf5252af018ef55fdc0ed938042bdba11147f1127e431

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/logo.png HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-b9d"
expires: Sun, 23 Oct 2022 22:01:30 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size:   2973
Md5:    c6d404ecaa7646ff497deaad55392996
Sha1:   1c66c5caf35e3e633d1cb1e09a334362ad11f5fb
Sha256: bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/syozai_icon.png HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-511"
expires: Sun, 23 Oct 2022 22:01:30 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1297
Md5:    d038e6e8e4472bbcf6e5dac6a23d5a0e
Sha1:   fce966980cd73b2d732e0081b7e8dc9751db160d
Sha256: 5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.103
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 23 Sep 2022 21:33:00 GMT
Expires: Fri, 23 Sep 2022 21:34:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 675c3f96928d591debc37b54f2b16dc2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 9PnlgcJmnjg5zKsb0EdTCg2TcBJ8ujH2GdLHFK-11zGvNR-YE6wdMw==
Age: 1710


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /static/gs_vk/index.png HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 104029
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-1965d"
expires: Sun, 23 Oct 2022 22:01:30 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x516, components 3\012- data
Size:   104029
Md5:    3b288cf2cf8b233a1f459e89dc209d79
Sha1:   08aa186779070d33edbca5dece75e2760dfa4065
Sha256: c0315642042bbc5f62714e1bf1ee5df4fd567a38745af3c67ff09b025a56efbb

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/banner.png HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
content-length: 220877
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-35ecd"
expires: Sun, 23 Oct 2022 22:01:30 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 670 x 238, 8-bit/color RGB, non-interlaced\012- data
Size:   220877
Md5:    2f987a1099c7a986fa860cf0e80d7b5d
Sha1:   0a3e6dfbf3b0e7d361ba9fc088e2ef7805ec0310
Sha256: 2fe3b5cadeb4ad9fec7ee39d1f2170c6bb656436597087aa9a582713e53bed75

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 22:01:30 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 27 Sep 2022 19:02:29 GMT
ETag: "02ffae60efaa47c55aa4f96dcc089a391254633a"
Last-Modified: Fri, 23 Sep 2022 19:02:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1020
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f68f2e9de5b521-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    bd2d1d8f7865b5bb38a83e49b28a444a
Sha1:   02ffae60efaa47c55aa4f96dcc089a391254633a
Sha256: 2b8bc2204bba3ccd1659f9de7cbfa8b06cebc912de31bc0f85c1157dd12ba9e2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6212
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 22:01:30 GMT
Last-Modified: Fri, 23 Sep 2022 20:17:58 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tVsdl8rrzebPMEwLRLV+vQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         100.20.30.105
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: h4geZTX4WnZ0IX4M+FrSSX6XaEw=

                                        
                                            GET /21298305.js HTTP/1.1 
Host: js.users.51.la
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.143.19.103
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: CloudWAF
Date: Fri, 23 Sep 2022 22:01:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=cf6b818d14781e91f47; path=/ HWWAFSESTIME=1663970488840; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898)
Size:   2310
Md5:    097392b4af4b906f08b9a1900af2a3d2
Sha1:   2afc7083c44b1dd721a26e31a055aa0a09a259a6
Sha256: 0ecd3dcd19492ba3f403c15549d48ebe658c0884ea6428e177a2926e50672adf
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 22:01:31 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 27 Sep 2022 19:09:33 GMT
ETag: "05f798831e0c5fc6e72cac23270e49fa7b29322d"
Last-Modified: Fri, 23 Sep 2022 19:09:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2057
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f68f321944b521-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    0f02282f6d0049dc6ebf96c2897c39e1
Sha1:   05f798831e0c5fc6e72cac23270e49fa7b29322d
Sha256: c2e9627ad96728ccb65f20c687ce8d11d5ccb7c0144a7a96ee5e143076965458
                                        
                                            GET /template/img/template/headerbackground.jpg HTTP/1.1 
Host: www.nta.go.jp
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.137.44.129
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 29881
server: Apache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Fri, 30 Mar 2018 05:48:34 GMT
accept-ranges: bytes
date: Fri, 23 Sep 2022 22:00:54 GMT
etag: "74b9-5689aca6dd080"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c79c2a81ac4d9188a11e797e452b6892.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P2
x-amz-cf-id: fVH-S2xhqbizTjMR-WLJ1UEz3ngp5fgwRVPxR5KYPkkul45hzVtT4w==
age: 37
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 980x113, components 3\012- data
Size:   29881
Md5:    e5e2087ec026ba50dceab21313cde200
Sha1:   32528b75731905a34f01e6b4cdf3937f72c4098f
Sha256: 9f7bcb50485acc2487f525f5d0d49bf0e3c239ee0150685a621b7e84d67818c7
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Cookie: __tins__21298305=%7B%22sid%22%3A%201663970490241%2C%20%22vd%22%3A%202%2C%20%22expires%22%3A%201663972290252%7D; __51cke__=; __51laig__=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:31 GMT
content-length: 146
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 22:01:31 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 27 Sep 2022 18:56:32 GMT
ETag: "79ce79a311d5df44d9f434c6d510f449ba6a2702"
Last-Modified: Fri, 23 Sep 2022 18:56:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 38
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f68f343b33b521-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    3845b69520920eb63f61014da6f0dfc6
Sha1:   79ce79a311d5df44d9f434c6d510f449ba6a2702
Sha256: 99bf63b849bc618dded764cce00bbbe6b44c9e7a4782a9624915c34d023e2f91
                                        
                                            GET /go1?id=21298305&rt=1663970490241&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1663970490241&tt=&kw=&cu=https%253A%252F%252Fykdeckhxdg.duckdns.org%252F&pu= HTTP/1.1 
Host: ia.51.la
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.143.19.103
HTTP/1.1 200
                                        
Server: CloudWAF
Date: Fri, 23 Sep 2022 22:01:31 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=565962ad16aedf0dadc; path=/ HWWAFSESTIME=1663970489540; path=/

                                        
                                            GET /go1?id=21298305&rt=1663970490252&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=0&vd=2&ce=1&cd=24&ds=&ing=2&ekc=&sid=1663970490241&tt=&kw=&cu=https%253A%252F%252Fykdeckhxdg.duckdns.org%252F&pu= HTTP/1.1 
Host: ia.51.la
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.143.19.103
HTTP/1.1 200
                                        
Server: CloudWAF
Date: Fri, 23 Sep 2022 22:01:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=adbe42aa7d2d388fb18; path=/ HWWAFSESTIME=1663970490028; path=/

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4934
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 22:01:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4934
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 22:01:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4934
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 22:01:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4934
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 22:01:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4934
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 22:01:32 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:26 GMT
age: 786
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8029
Md5:    02a682b4703bb9d6381c762726c05531
Sha1:   1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
Sha256: fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:48 GMT
age: 85784
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14579
Md5:    f10a12719b387d176497669ba75f0acc
Sha1:   16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
Sha256: 0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:26 GMT
age: 85806
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5340
Md5:    3b318ea5c36d2b22b925f7dfe382df5f
Sha1:   0264e73c4cfff0bb255757c7e1c760a5ad3ece80
Sha256: 0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:07:28 GMT
age: 86044
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10127
Md5:    b877ead4a15221fdd278ef27f281a7ec
Sha1:   48c10714503e8dfdd3e3c3d39b919ef2792f0d15
Sha256: f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F155952bd-256a-4103-9017-437efcfb03bf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7005
x-amzn-requestid: c805d882-7a00-4abd-a239-d8313d7df0c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4aBwEaMIAMF09A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd6d7-6d6a417f10c9628a16d438e1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:42:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IKhfVQWVUnhvct2w5S1BB3y79gpEZ6UIB8T6tOdg0532Hxo4BpXFXQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:19 GMT
age: 493
etag: "4584bff61bf4d5c9b8fd3b97c048a8e6975e4323"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7005
Md5:    1985a957e6bc0c15d8489fa731e7f14e
Sha1:   4584bff61bf4d5c9b8fd3b97c048a8e6975e4323
Sha256: 9f3e1fd6e18d85d4f6645d077da643a3bc2cca611d5e85f534ba798102dca243
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8497
x-amzn-requestid: 8543ac70-48ab-4523-856f-5d5fa1191c97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yin-pEryoAMFTfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324205d-660bba3f655f940d143bc437;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:06:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e9KUFhjuFMzjuh37rFiNKaMNVaGZwPGBkLrv0zgfSTT7dCIuWj4G9Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:27 GMT
age: 85805
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8497
Md5:    7606ff88f05062b66970d9805f38987a
Sha1:   d47db5fcd83023b4a8de40a47d4510e183de387a
Sha256: 20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
                                        
                                            GET / HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
last-modified: Thu, 22 Sep 2022 16:52:08 GMT
vary: Accept-Encoding
etag: W/"632c92b8-f94"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/public.css HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
vary: Accept-Encoding
etag: W/"62f215d6-818"
expires: Sat, 24 Sep 2022 10:01:30 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/js/jquery-3.3.1.min.js HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-1538f"
expires: Sat, 24 Sep 2022 10:01:30 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /static/js/jquery.cookie.js HTTP/1.1 
Host: ykdeckhxdg.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ykdeckhxdg.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 23 Sep 2022 22:01:30 GMT
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-c31"
expires: Sat, 24 Sep 2022 10:01:30 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed