Report - 3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db

Report Overview

Submitted URL
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
IP
20.83.177.103
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-11-20 09:21:01
Access
Website Title
Final URL
Tags
None
urlquery detections
DynDNS domain detected
Phishing - Citizens Bank

Detections

urlquery
42
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	104.18.32.68
devilsms.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728 B	70 kB	199.188.200.254
cdn1.telegram-cdn.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	732 B	22 kB	34.111.15.3
3citizens.duckdns.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	165 kB	20.83.177.103
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.186.117.16
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	11 kB	192.124.249.22
t.me	6552	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	471 B	4.6 kB	149.154.167.99
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	714 B	1.4 kB	142.250.74.35
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	46 kB	34.120.237.76
telegram.org	5408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	44 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	t.me/Devilmask09	206 B	2023-03-08	2023-03-13
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:29 Last Seen2023-03-13 04:31:35 Times Seen1 Hash 1a275332c763d92663571f8086336d94 2773374f3cabe9daedd65eee6572865b204bb76a 4cf9d865038b8d9a2130213f433042bdec42b3f2b3d49d838366d7e5b5ff675b Loading...

	telegram.org/js/tgwallpaper.min.js?3	3.0 kB	2023-03-07	2024-04-25
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-25 11:07:19 Times Seen5033 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	devilsms.live/clve-min.js	151 kB	2023-03-07	2023-04-30
Pretty URL devilsms.live/clve-min.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:38:47 Last Seen2023-04-30 22:10:37 Times Seen11 Hash a0af62af3a5f980137ece52d9604b17e 47803e4451aaae4f38c40d154f915e89155edc0d 28899904b99b7dc185a3ee4ef8a53a522ae488db692a9ee4d45ddfc07dc04a24 Loading...

	devilsms.live/cleave.js	94 kB	2023-03-07	2023-12-17
Pretty URL devilsms.live/cleave.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:56:13 Last Seen2023-12-17 14:10:58 Times Seen29 Hash ead7731c4b02b3e134ec2d390e7fccd0 3491430271d8a9f15548ca5a00e90b5d4e10b437 f97d8e2f7cc9b436d478f1168d22b9ae3c292d97d2d5285c4ccd01f3bbef47f5 Loading...

	t.me/Devilmask09	1.3 kB	2023-03-08	2023-03-13
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:29 Last Seen2023-03-13 04:31:35 Times Seen1 Hash e7e40c84862ebc5642038190aacd8557 3bf86807278bf5e73a2a8765d5e5e76030e289c2 7a0b67d1bf946b6fed92dc5cd6f72a46760f3b9d91559bda8134b33eefb9a3a3 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 11:22:31 Times Seen37061945 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	t.me/Devilmask09	193 B	2023-03-07	2024-04-25
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-25 11:07:19 Times Seen3290 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 11:22:31 Times Seen37061945 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (66)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21518
Expires: Sun, 20 Nov 2022 15:19:27 GMT
Date: Sun, 20 Nov 2022 09:20:49 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f732c50f6a2482aeea20552e0370c2d0
6f33119d5c38e92a0a62f3a46766ff86014e4d68
a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:49 GMT
Last-Modified: Sun, 20 Nov 2022 07:49:20 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db

20.83.177.103

200 OK

25 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Non-ISO extended-ASCII text, with very long lines (2059)
Size
25 kB (24684 bytes)
Hash
71152b0e2ba964e4962e2ab3007ecde9
aae7ce286f626edf3d6033a2b44ebe5ee767d6ab
e83c1ad78ffef7bbedc6e1af509a0e4a412b4d1e575aefe8243ca8d42602ea06

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=28584360eb5016c91308524730192459; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 08:45:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2135
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cee7787feebac18f9eca273e56e3741
3a7dac544172921e24c2a1701beef5079b21d01b
79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2312
Expires: Sun, 20 Nov 2022 09:59:21 GMT
Date: Sun, 20 Nov 2022 09:20:49 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 09:20:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: xBXqfRtv5/nwxkujGAjDco72QE6lHjcvTxNCeOObdCWB2Ha2VtgP6nEGXvrbIvfRLdcvK5ekoEw=
x-amz-request-id: 67XHH14D7VQ728G5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 08:38:39 GMT
age: 2530
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/normalize.css

20.83.177.103

200 OK

9.7 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/normalize.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
9.7 kB (9696 bytes)
Hash
ebb479dd9f58736c30739ce9e551010d
f9751153a26e815f3161abd77e1a2a3f97a02ae6
90cb33de6ced42c1ce82fd4a3a0b014f2ce29179ab85e24ebfa7abd73fabd9d8

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/normalize.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 9696
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css

20.83.177.103

200 OK

8.9 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text
Size
8.9 kB (8900 bytes)
Hash
63b00c36f13f7bd0112c5d3c6e0d1ad0
f5ea43b50ab8c8d12317dcd56d953cd640ec0133
785818872f719d6d46b9e00e9cdb942779f111aec0421d983ad2a6e02b0e8c3a

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/flows.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 8900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css

20.83.177.103

200 OK

22 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (1404)
Size
22 kB (22332 bytes)
Hash
75c7f7f34cb3c6deb89891e022266252
4ba3a397da8746f97b53186e6ec14e704bda003a
daa294bf8eaa7ddd13aeb7d3d462fb53f0c8b080ed1abe2531360892408327cf

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 22332
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css

20.83.177.103

200 OK

2.3 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
2.3 kB (2277 bytes)
Hash
a8d7730ebae7d5a0f9f1b28705910c82
8c2a3f4543d2326f5803e32ceda9ce60572cafc6
e094fbcf1596ac0af1fe05cd7d6b8724b77dc71c9219deb63738ccae1fdeb2ad

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css

20.83.177.103

200 OK

7.6 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
7.6 kB (7585 bytes)
Hash
10cf523dd8bc660eb53f3c56783f5fed
9f6df41bda3d811f4d774544f15573023e25eca8
27fd729324c41d300a6f74a95b20b54feca49388cbffeb89933bb18b5764a7b5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 7585
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css

20.83.177.103

200 OK

61 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
61 kB (60617 bytes)
Hash
5c037b9fa5c1436afc0beef12818a53a
e3208a8dd6d2bbd84631b9a59a044653ebd766f0
3e1e20f8191f692da7ac00c865c48320c19e71585d471a02e2b93e3b3c0b1fc3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/main.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 60617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2a5268017008ffb2166d5bea44b13f95
5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d
212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=547752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d01caadf43b517-OSL

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png

20.83.177.103

200 OK

395 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Size
395 B (395 bytes)
Hash
25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/efs/efs/grafx/icon-secure.png

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/efs/efs/grafx/icon-secure.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/efs/efs/grafx/flows-tooltip.png

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/efs/efs/grafx/flows-tooltip.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/efs/efs/grafx/arrow-button-white.png

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/efs/efs/grafx/arrow-button-white.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png

20.83.177.103

200 OK

5.3 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 5277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/lock.png

20.83.177.103

200 OK

349 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/lock.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
349 B (349 bytes)
Hash
6f9f05d66a5410b90817d0cc6db92b03
891273e368982cdd9ce5408dda3877c52fe72a2e
9b87191a74f704fe3c917fe2a2f17fa3ac20da84f1c361cd3f41802a437f61d5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/lock.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 08:25:04 GMT
cache-control: public,max-age=3600
age: 3346
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png

20.83.177.103

200 OK

3.2 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3239 bytes)
Hash
b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png

20.83.177.103

200 OK

3.3 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3295 bytes)
Hash
ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/elh.gif

20.83.177.103

200 OK

1.4 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/elh.gif
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 31 x 24\012- data
Size
1.4 kB (1433 bytes)
Hash
f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/elh.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png

20.83.177.103

200 OK

3.3 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3278 bytes)
Hash
09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif

20.83.177.103

200 OK

1.1 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 14 x 9\012- data
Size
1.1 kB (1134 bytes)
Hash
39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif

20.83.177.103

200 OK

2.2 kB

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 56 x 24\012- data
Size
2.2 kB (2245 bytes)
Hash
a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2a5268017008ffb2166d5bea44b13f95
5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d
212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=547752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d01caadaffb4f3-OSL

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff

20.83.177.103

200 OK

94 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
94 B (94 bytes)
Hash
494d5b5f24f681e3c43b52ea9bb1be4c
005ceb2099f9c3bf423ddb401479ee0a9dd8d63c
02d0c08ceab09da804ddb85b4e50adad35b9688dbcada103e8b03c61c4d393b1

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff

20.83.177.103

200 OK

93 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
93 B (93 bytes)
Hash
2d3d1e9a820451d4aba30a6189adb344
5c2c9a1aab30b6d9c8af0eb29a59aa490b4cc8ab
15d76789030592dfced7878a6fcbb4222f0780b2e189bd5ffecc28eca68f577b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff

20.83.177.103

200 OK

98 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
98 B (98 bytes)
Hash
10477bffd26aae2d95743e565223edfa
f38c4988d4931d392cc889f6113d8b3261d631bd
ae61a4d9e2535ffa02754fa06adf4762452a4ee0d7fa2f08ec90d923a0463a30

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 98
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
060d538b33e370fcd033339830d33a42
4a37d427988358eb318e18e2678c3484ef4a5ebd
efa33f92547243814b5bd3bca4f94d26055d590a4431611b3ba251a8d774bfbb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5574
Cache-Control: max-age=91136
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:50 GMT
Etag: "63789cac-1d7"
Expires: Mon, 21 Nov 2022 10:39:46 GMT
Last-Modified: Sat, 19 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf

20.83.177.103

404 Not Found

315 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

push.services.mozilla.com/

54.186.117.16

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.117.16:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: d4vSdY7w6p1UCzyawjXesQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yKb+4LT54oPp7lFX/mP0IP/EwOQ=

devilsms.live/clve-min.js

199.188.200.254

200 OK

51 kB

URL HTTP/2
devilsms.live/clve-min.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51069 bytes)
Hash
724ad5d75674097f5d14e70982a3bc6e
87146103e33be6cdf8d828351685c70f2a6cb7e3
d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 09:20:50 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Sun, 20 Nov 2022 09:20:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

devilsms.live/cleave.js

199.188.200.254

200 OK

18 kB

URL HTTP/2
devilsms.live/cleave.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (1712)
Size
18 kB (18428 bytes)
Hash
fe9f66e28ad0fde897ddcb9571324491
e5ab8ed2bad2578458397898778be698dff70917
ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 09:20:50 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Sun, 20 Nov 2022 09:20:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
09674978f0d63241f9c13551fc25355e
5881bcbfe4d2fc49e63e206d164e321c96642510
1e9c4601538a7bc1faae2fbcb070d2eb0fda54e26e476bf5471dce0637cc1f5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 20 Nov 2022 03:37:03 GMT
Expires: Mon, 21 Nov 2022 03:37:03 GMT
ETag: "5881bcbfe4d2fc49e63e206d164e321c96642510"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

t.me/Devilmask09

149.154.167.99

200 OK

4.1 kB

URL HTTP/2
t.me/Devilmask09
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3560)
Size
4.1 kB (4062 bytes)
Hash
87f794a040878d35d2419c72c8128b0a
8d5a6468647df0d5ac99ad587efb2365864c6fd7
55a3dce424f93b096b9c2129d42e5b92053ec803f37379922b0c5af299b56f52

HTTP Headers

GET /Devilmask09 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:51 GMT
content-type: text/html; charset=utf-8
content-length: 4062
set-cookie: stel_ssid=a8b52f17a44a09c4eb_492441030204181218; expires=Mon, 21 Nov 2022 09:20:51 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d0852ae04967e107b1eb5155b63554b
45fdca8b189c452adc16365230f7d4f64117ddb7
8ef38309c3e015389e09ee6968439be06bde9c3b098bd4e02ec73a56b16986f7

HTTP Headers

POST /s/gts1d4/6yJZH6zwO-k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
86ba89363231a3ef683c73ecab87b605
f45afc34e03528160583cdba2fd40add2c574352
20e7b604e58a0360ff5ca54b72fa1837033872db57b8d451a2b08dc9f6ebfcb5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 19 Nov 2022 19:45:39 GMT
Expires: Sun, 20 Nov 2022 19:45:39 GMT
ETag: "f45afc34e03528160583cdba2fd40add2c574352"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
86ba89363231a3ef683c73ecab87b605
f45afc34e03528160583cdba2fd40add2c574352
20e7b604e58a0360ff5ca54b72fa1837033872db57b8d451a2b08dc9f6ebfcb5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 19 Nov 2022 19:45:39 GMT
Expires: Sun, 20 Nov 2022 19:45:39 GMT
ETag: "f45afc34e03528160583cdba2fd40add2c574352"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
86ba89363231a3ef683c73ecab87b605
f45afc34e03528160583cdba2fd40add2c574352
20e7b604e58a0360ff5ca54b72fa1837033872db57b8d451a2b08dc9f6ebfcb5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 19 Nov 2022 19:45:39 GMT
Expires: Sun, 20 Nov 2022 19:45:39 GMT
ETag: "f45afc34e03528160583cdba2fd40add2c574352"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7589
Expires: Sun, 20 Nov 2022 11:27:21 GMT
Date: Sun, 20 Nov 2022 09:20:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7589
Expires: Sun, 20 Nov 2022 11:27:21 GMT
Date: Sun, 20 Nov 2022 09:20:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7589
Expires: Sun, 20 Nov 2022 11:27:21 GMT
Date: Sun, 20 Nov 2022 09:20:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7589
Expires: Sun, 20 Nov 2022 11:27:21 GMT
Date: Sun, 20 Nov 2022 09:20:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11597 bytes)
Hash
fa9aba4cb1cc96d2b04905f45c902c45
dd7c1a17f049319bc8f11a5ee6905fa240d1ffc5
2f18c3906096fcead96dc14f0b5976e6573c4825e8c4948f171a67c5920ca684

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11597
x-amzn-requestid: 28c7761b-1ffd-4abf-ae2b-51a2d1b07538
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1jHdGbwoAMFqrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63787efc-2f2258bb2fcd48340e08110f;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: PONP22tGAWF-ZUrQ-FpTAV6_hoaILBamhC-eSqkPL50-OdxlFJannA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 07:39:49 GMT
age: 6063
etag: "dd7c1a17f049319bc8f11a5ee6905fa240d1ffc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7887dfe-7fc2-40ee-a9ab-8eb140b712f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7361 bytes)
Hash
67d9255d9653267ea811a2e12476e00f
80cbff8a27f50d95b44f5464a16a46691dcd29ee
a30ef36f3ef83a332c7449a812701d1cafd4f4566c61ecb8df9b0551a41d8e10

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7887dfe-7fc2-40ee-a9ab-8eb140b712f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7361
x-amzn-requestid: 42851bee-f6ae-48bd-9944-2ce14cf3500a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jaLHCdoAMFRiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c40-6092dd5e3a0719616e29dafa;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uccJZq88oFeoWkxO5-hNBofCYUG5bVnd-DvPO1FvmgvXstayjkiqgw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:58:15 GMT
age: 40957
etag: "80cbff8a27f50d95b44f5464a16a46691dcd29ee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a4c45ae-b32f-41fd-b114-30dd881b4ef3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7659 bytes)
Hash
a1e751db3c22be366e4bef8b30644677
a2147825fc70ee46cdff2c5857646078c7cc3dad
713e83ce024a939bbc34268a18ea20e6e18fedeeeb6c5e5788df9b473c1c1c27

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a4c45ae-b32f-41fd-b114-30dd881b4ef3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7659
x-amzn-requestid: 78936c00-59d6-45ae-97fe-b038a9748078
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i0BFtdoAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b4c-45f909677dc2cece6f0e27aa;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:31:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -B6mMWjuXxI3rVMu78ut9_BICmn-XzHWHfmj5Xi6H0OoXSAMCPNm0Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:41:31 GMT
etag: "a2147825fc70ee46cdff2c5857646078c7cc3dad"
content-type: image/jpeg
age: 41961
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7589 bytes)
Hash
06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 34I3ZsWcHKNvx-MctWUIyOgHOm8vjDMxuHtcGZmykKvEtbs4JziNqA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 16:26:51 GMT
age: 60841
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6744 bytes)
Hash
e33cec1fb25538471758ee73cffc0c88
351f0afdd289e84c829401b80645c8803b47bc39
d826e4a0f0f53e95864b1e40d6bf13d2e82ad5806f988b7d54bb97e21b45da8e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6744
x-amzn-requestid: e03ae3dd-b804-4a7f-9d23-f208c2608b63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3juwFMKIAMFpIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794cc4-67355244587bcb725a80e363;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: txwSLf1dmqrnZtohweappWUggRFbJJXEruSrPUZk48IcXkpkzzhzZQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:53:20 GMT
age: 37652
etag: "351f0afdd289e84c829401b80645c8803b47bc39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

telegram.org/js/tgwallpaper.min.js?3

149.154.167.99

200 OK

13 kB

URL HTTP/2
telegram.org/js/tgwallpaper.min.js?3
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
data
Size
13 kB (13382 bytes)
Hash
372248a461a06c51214969cff86f3f04
47497024b3c7b80bf3595509a3d6b809519370f2
f08025750f0e6d7932a4dbf079774f608e98bbf434e2dd30815c746ff285ca9f

HTTP Headers

GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:52 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Thu, 24 Nov 2022 09:20:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

cdn1.telegram-cdn.org/file/ogwiVR2AYW3nyixhLvMQI-hzXaxMuH_VOIKpYNHBhYz1sNr9vkj0MhyBD_D8czwXkT-p4-yi-70eslESaj-93HLv2aY6OeSF9gnJFxgDG58ogATFuHOakwB193Ko6J6VHwFrnK_UOZjL-vpu4EaK1BniIXtvnWlfvejpI-1EmsVZEkAyD9d_OnDNHWKvUCJi_GVA73zFtuMKeVlRouujwnn2s_B1c6Vxrq9zLD2UJpM3z3SMHiiTpYZUW4PK19mzPjHoE5L8kGr1lq8jfZanFBYR_EC0nB5KzUtnz5UXlH8w7Ph25PI7q_gBiTvGCG0yeQZu1LTdBSf8oOit5jnkcg.jpg

34.111.15.3

200 OK

21 kB

URL HTTP/2
cdn1.telegram-cdn.org/file/ogwiVR2AYW3nyixhLvMQI-hzXaxMuH_VOIKpYNHBhYz1sNr9vkj0MhyBD_D8czwXkT-p4-yi-70eslESaj-93HLv2aY6OeSF9gnJFxgDG58ogATFuHOakwB193Ko6J6VHwFrnK_UOZjL-vpu4EaK1BniIXtvnWlfvejpI-1EmsVZEkAyD9d_OnDNHWKvUCJi_GVA73zFtuMKeVlRouujwnn2s_B1c6Vxrq9zLD2UJpM3z3SMHiiTpYZUW4PK19mzPjHoE5L8kGr1lq8jfZanFBYR_EC0nB5KzUtnz5UXlH8w7Ph25PI7q_gBiTvGCG0yeQZu1LTdBSf8oOit5jnkcg.jpg
IP
34.111.15.3:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Size
21 kB (20965 bytes)
Hash
15186a51f12e6bc15f8ef8009f7118f5
75deab06f226241c2f851bad5a4a067096ae6587
1fca06217fb44097735458e04fda12ebcd44145d0372c43a4521d22ced90b672

HTTP Headers

GET /file/ogwiVR2AYW3nyixhLvMQI-hzXaxMuH_VOIKpYNHBhYz1sNr9vkj0MhyBD_D8czwXkT-p4-yi-70eslESaj-93HLv2aY6OeSF9gnJFxgDG58ogATFuHOakwB193Ko6J6VHwFrnK_UOZjL-vpu4EaK1BniIXtvnWlfvejpI-1EmsVZEkAyD9d_OnDNHWKvUCJi_GVA73zFtuMKeVlRouujwnn2s_B1c6Vxrq9zLD2UJpM3z3SMHiiTpYZUW4PK19mzPjHoE5L8kGr1lq8jfZanFBYR_EC0nB5KzUtnz5UXlH8w7Ph25PI7q_gBiTvGCG0yeQZu1LTdBSf8oOit5jnkcg.jpg HTTP/1.1
Host: cdn1.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:52 GMT
content-type: image/jpeg
content-length: 20965
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "aa1e7c42d28430f0883a3c6f02c0e342783ec4ae"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d0852ae04967e107b1eb5155b63554b
45fdca8b189c452adc16365230f7d4f64117ddb7
8ef38309c3e015389e09ee6968439be06bde9c3b098bd4e02ec73a56b16986f7

HTTP Headers

POST /s/gts1d4/6yJZH6zwO-k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:52 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

149.154.167.99

200 OK

11 kB

URL HTTP/2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Size
11 kB (11028 bytes)
Hash
1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

HTTP Headers

GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:53 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Thu, 24 Nov 2022 09:20:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

149.154.167.99

200 OK

11 kB

URL HTTP/2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0\012- data
Size
11 kB (11040 bytes)
Hash
5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:53 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Thu, 24 Nov 2022 09:20:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5.6 kB

URL HTTP/2
telegram.org/img/apple-touch-icon.png
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:53 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Thu, 24 Nov 2022 09:20:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
86ba89363231a3ef683c73ecab87b605
f45afc34e03528160583cdba2fd40add2c574352
20e7b604e58a0360ff5ca54b72fa1837033872db57b8d451a2b08dc9f6ebfcb5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 19 Nov 2022 19:45:39 GMT
Expires: Sun, 20 Nov 2022 19:45:39 GMT
ETag: "f45afc34e03528160583cdba2fd40add2c574352"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:53 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Thu, 24 Nov 2022 09:20:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/citizensns.min.44438.css

20.83.177.103

200 OK

0 B

URL HTTP/1.1
3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/citizensns.min.44438.css
IP
20.83.177.103:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /8c45edda7c31af8c6d00dbf615db7965/css/citizensns.min.44438.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 5849
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

telegram.org/css/telegram.css?232

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/css/telegram.css?232
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/telegram.css?232 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:52 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 16:00:52 GMT
etag: W/"6320a934-1ca4a"
expires: Thu, 24 Nov 2022 09:20:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/font-roboto.css?1

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/css/font-roboto.css?1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:52 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Thu, 24 Nov 2022 09:20:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/css/bootstrap.min.css?3
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:52 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Thu, 24 Nov 2022 09:20:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/img/tgme/pattern.svg

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/img/tgme/pattern.svg
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/tgme/pattern.svg HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:53 GMT
content-type: image/svg+xml
last-modified: Thu, 03 Mar 2022 09:45:08 GMT
etag: W/"62208e24-385d7"
expires: Thu, 24 Nov 2022 09:20:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (66)

URL HTTP/1.1

IP

ASN

File type

Size

Hash