Report - 3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db

Report Overview

URL

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
IP

20.83.177.103

ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted

2022-11-20T09:21:01Z

Access
Tags

None
urlquery detections

DynDNS domain detected

Phishing - Citizens Bank

Detections

urlquery

42
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org (6)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2028	5317	23.36.77.32
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
ocsp.sectigo.com (2)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680	1928	104.18.32.68
devilsms.live (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728	70247	199.188.200.254
cdn1.telegram-cdn.org (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	732	21622	34.111.15.3
3citizens.duckdns.org (26)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12753	165019	20.83.177.103
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	34.102.187.140
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	54.186.117.16
ocsp.godaddy.com (5)	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1700	11426	192.124.249.22
t.me (1)	6552	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	471	4592	149.154.167.99
ocsp.pki.goog (2)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	714	1424	142.250.74.35
ocsp.digicert.com (2)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682	1533	93.184.220.29
img-getpocket.cdn.mozilla.net (5)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2705	46257	34.120.237.76
telegram.org (9)	5408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3642	44215	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

HTTP Transactions (66)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

eb76c0b3adf4098ad8a9d1e38250758f

99610ddb2b4ec6d04250ac244f966951695d4f00

01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21518
Expires: Sun, 20 Nov 2022 15:19:27 GMT
Date: Sun, 20 Nov 2022 09:20:49 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

f732c50f6a2482aeea20552e0370c2d0

6f33119d5c38e92a0a62f3a46766ff86014e4d68

a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:49 GMT
Last-Modified: Sun, 20 Nov 2022 07:49:20 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db

United States MICROSOFT-CORP-MSN-AS-BLOCK

20.83.177.103

200 OK

24684

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Non-ISO extended-ASCII text, with very long lines (2059)

Size

24684
Hash

71152b0e2ba964e4962e2ab3007ecde9

aae7ce286f626edf3d6033a2b44ebe5ee767d6ab

e83c1ad78ffef7bbedc6e1af509a0e4a412b4d1e575aefe8243ca8d42602ea06

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=28584360eb5016c91308524730192459; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

d130218d0e2841f39c99610fe1a2ab90

29fbe1e177ee55c7a61ae0a206afff271cf5f945

6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 08:45:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2135
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1cee7787feebac18f9eca273e56e3741

3a7dac544172921e24c2a1701beef5079b21d01b

79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2312
Expires: Sun, 20 Nov 2022 09:59:21 GMT
Date: Sun, 20 Nov 2022 09:20:49 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 09:20:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: xBXqfRtv5/nwxkujGAjDco72QE6lHjcvTxNCeOObdCWB2Ha2VtgP6nEGXvrbIvfRLdcvK5ekoEw=
x-amz-request-id: 67XHH14D7VQ728G5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 08:38:39 GMT
age: 2530
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/normalize.css

20.83.177.103

200 OK

9696

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/normalize.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

9696
Hash

ebb479dd9f58736c30739ce9e551010d

f9751153a26e815f3161abd77e1a2a3f97a02ae6

90cb33de6ced42c1ce82fd4a3a0b014f2ce29179ab85e24ebfa7abd73fabd9d8

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/normalize.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 9696
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css

20.83.177.103

200 OK

8900

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text

Size

8900
Hash

63b00c36f13f7bd0112c5d3c6e0d1ad0

f5ea43b50ab8c8d12317dcd56d953cd640ec0133

785818872f719d6d46b9e00e9cdb942779f111aec0421d983ad2a6e02b0e8c3a

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/flows.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 8900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css

20.83.177.103

200 OK

22332

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with very long lines (1404)

Size

22332
Hash

75c7f7f34cb3c6deb89891e022266252

4ba3a397da8746f97b53186e6ec14e704bda003a

daa294bf8eaa7ddd13aeb7d3d462fb53f0c8b080ed1abe2531360892408327cf

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 22332
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css

20.83.177.103

200 OK

2277

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

2277
Hash

a8d7730ebae7d5a0f9f1b28705910c82

8c2a3f4543d2326f5803e32ceda9ce60572cafc6

e094fbcf1596ac0af1fe05cd7d6b8724b77dc71c9219deb63738ccae1fdeb2ad

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/cp_challenge/sec-3-5.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css

20.83.177.103

200 OK

7585

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

7585
Hash

10cf523dd8bc660eb53f3c56783f5fed

9f6df41bda3d811f4d774544f15573023e25eca8

27fd729324c41d300a6f74a95b20b54feca49388cbffeb89933bb18b5764a7b5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/ad-containers.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 7585
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css

20.83.177.103

200 OK

60617

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

60617
Hash

5c037b9fa5c1436afc0beef12818a53a

e3208a8dd6d2bbd84631b9a59a044653ebd766f0

3e1e20f8191f692da7ac00c865c48320c19e71585d471a02e2b93e3b3c0b1fc3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/main.css HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 60617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

2a5268017008ffb2166d5bea44b13f95

5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d

212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=547752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d01caadf43b517-OSL

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png

20.83.177.103

200 OK

395

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data

Size

395
Hash

25dbaaa7fa1bf41ca6614f1d2cf699f5

56a9e2459a275ef7178ff8c90c2b277265f64fb0

eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-facebook.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/efs/efs/grafx/icon-secure.png

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/efs/efs/grafx/icon-secure.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/efs/efs/grafx/flows-tooltip.png

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/efs/efs/grafx/flows-tooltip.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/efs/efs/grafx/arrow-button-white.png

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/efs/efs/grafx/arrow-button-white.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/flows.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png

20.83.177.103

200 OK

5277

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data

Size

5277
Hash

beb4d1c9f430bb08a4ed54df069e8f0c

39950ddd690d1cbe2d08610da5c11c854450523f

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/CTZ_Green-01.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 5277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/lock.png

20.83.177.103

200 OK

349

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/lock.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data

Size

349
Hash

6f9f05d66a5410b90817d0cc6db92b03

891273e368982cdd9ce5408dda3877c52fe72a2e

9b87191a74f704fe3c917fe2a2f17fa3ac20da84f1c361cd3f41802a437f61d5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/lock.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 08:25:04 GMT
cache-control: public,max-age=3600
age: 3346
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png

20.83.177.103

200 OK

3239

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3239
Hash

b187d1cd61b1912b22ebfb4efce30bad

b502a6ed3e50ffe6da8d8d5114fd404650d38ea7

fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-linkedin.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png

20.83.177.103

200 OK

3295

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3295
Hash

ab8d8dc7ea3d7b572b2dc47f2aebe5ae

900c9f837d9a015e6609b14eed6d99c384ec5441

9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-twitter.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/elh.gif

20.83.177.103

200 OK

1433

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/elh.gif
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 31 x 24\012- data

Size

1433
Hash

f79e78d673f51194d9b9021cbc72b5b3

79a917fad527cef8d96af24d142653f2f49109b3

56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/elh.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png

20.83.177.103

200 OK

3278

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3278
Hash

09c8c4f0f417a049b8ab6acdd2581717

2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f

9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/footer-follow-youtube.png HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif

20.83.177.103

200 OK

1134

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 14 x 9\012- data

Size

1134
Hash

39fc59327cb01ffbd5ab0ece1b08fba4

6cc1099707564164c3de6f94714808cdb1c415a7

319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/equal-housing.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif

20.83.177.103

200 OK

2245

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 56 x 24\012- data

Size

2245
Hash

a0742f4f717eac3a1e61f53cbbec74f2

f85639ee91bccd2bddaf043b80c892ae6b700d49

dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/img/fdicFooter.gif HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/?cont=qerldmlsbwfzaza5&token=3a896b0722b920b489b6c8525e43e6db
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

2a5268017008ffb2166d5bea44b13f95

5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d

212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=547752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d01caadaffb4f3-OSL

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff

20.83.177.103

200 OK

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

94
Hash

494d5b5f24f681e3c43b52ea9bb1be4c

005ceb2099f9c3bf423ddb401479ee0a9dd8d63c

02d0c08ceab09da804ddb85b4e50adad35b9688dbcada103e8b03c61c4d393b1

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff

20.83.177.103

200 OK

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

93
Hash

2d3d1e9a820451d4aba30a6189adb344

5c2c9a1aab30b6d9c8af0eb29a59aa490b4cc8ab

15d76789030592dfced7878a6fcbb4222f0780b2e189bd5ffecc28eca68f577b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff

20.83.177.103

200 OK

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

98
Hash

10477bffd26aae2d95743e565223edfa

f38c4988d4931d392cc889f6113d8b3261d631bd

ae61a4d9e2535ffa02754fa06adf4762452a4ee0d7fa2f08ec90d923a0463a30

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.woff HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 06:41:31 GMT
Accept-Ranges: bytes
Content-Length: 98
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

060d538b33e370fcd033339830d33a42

4a37d427988358eb318e18e2678c3484ef4a5ebd

efa33f92547243814b5bd3bca4f94d26055d590a4431611b3ba251a8d774bfbb

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5574
Cache-Control: max-age=91136
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:50 GMT
Etag: "63789cac-1d7"
Expires: Mon, 21 Nov 2022 10:39:46 GMT
Last-Modified: Sat, 19 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_roman.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_book.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf

20.83.177.103

404 Not Found

315

URL HTTP/1.1

3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf
IP

20.83.177.103:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /8c45edda7c31af8c6d00dbf615db7965/css/font/citizen_extrabold.ttf HTTP/1.1
Host: 3citizens.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://3citizens.duckdns.org/8c45edda7c31af8c6d00dbf615db7965/css/main.css
Cookie: PHPSESSID=28584360eb5016c91308524730192459

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 09:20:50 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

push.services.mozilla.com/

54.186.117.16

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.186.117.16:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: d4vSdY7w6p1UCzyawjXesQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yKb+4LT54oPp7lFX/mP0IP/EwOQ=

devilsms.live/clve-min.js

199.188.200.254

200 OK

51069

URL HTTP/2

devilsms.live/clve-min.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

51069
Hash

724ad5d75674097f5d14e70982a3bc6e

87146103e33be6cdf8d828351685c70f2a6cb7e3

d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

                                        GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 09:20:50 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Sun, 20 Nov 2022 09:20:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

devilsms.live/cleave.js

199.188.200.254

200 OK

18428

URL HTTP/2

devilsms.live/cleave.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

Unicode text, UTF-8 text, with very long lines (1712)

Size

18428
Hash

fe9f66e28ad0fde897ddcb9571324491

e5ab8ed2bad2578458397898778be698dff70917

ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

                                        GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 09:20:50 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Sun, 20 Nov 2022 09:20:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1778

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.22:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1778
Hash

09674978f0d63241f9c13551fc25355e

5881bcbfe4d2fc49e63e206d164e321c96642510

1e9c4601538a7bc1faae2fbcb070d2eb0fda54e26e476bf5471dce0637cc1f5b

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 20 Nov 2022 03:37:03 GMT
Expires: Mon, 21 Nov 2022 03:37:03 GMT
ETag: "5881bcbfe4d2fc49e63e206d164e321c96642510"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

t.me/Devilmask09

149.154.167.99

200 OK

4062

URL HTTP/2

t.me/Devilmask09
IP

149.154.167.99:0
ASN

#62041 Telegram Messenger Inc

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3560)

Size

4062
Hash

87f794a040878d35d2419c72c8128b0a

8d5a6468647df0d5ac99ad587efb2365864c6fd7

55a3dce424f93b096b9c2129d42e5b92053ec803f37379922b0c5af299b56f52

HTTP Headers

                                        GET /Devilmask09 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://3citizens.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 09:20:51 GMT
content-type: text/html; charset=utf-8
content-length: 4062
set-cookie: stel_ssid=a8b52f17a44a09c4eb_492441030204181218; expires=Mon, 21 Nov 2022 09:20:51 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1d4/6yJZH6zwO-k
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

6d0852ae04967e107b1eb5155b63554b

45fdca8b189c452adc16365230f7d4f64117ddb7

8ef38309c3e015389e09ee6968439be06bde9c3b098bd4e02ec73a56b16986f7

HTTP Headers

                                        POST /s/gts1d4/6yJZH6zwO-k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 09:20:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.godaddy.com/

192.124.249.22

200 OK

1777

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.22:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1777
Hash

86ba89363231a3ef683c73ecab87b605

f45afc34e03528160583cdba2fd40add2c574352

20e7b604e58a0360ff5ca54b72fa1837033872db57b8d451a2b08dc9f6ebfcb5

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 20 Nov 2022 09:20:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 19 Nov 2022 19:45:39 GMT
Expires: Sun, 20 Nov 2022 19:45:39 GMT
ETag: "f45afc34e03528160583cdba2fd40add2c574352"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.22

200 OK

1777

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.22:0
ASN

#30148 SUCURI-SEC

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

#1 JS:Script (size: 206)

#2 JS:Script (size: 2979)

#3 JS:Script (size: 150943)

#4 JS:Script (size: 93486)

#5 JS:Script (size: 1303)

#6 JS:Script (size: 0)

#7 JS:Script (size: 193)

#1 JS:Eval (size: 0)

HTTP Transactions (66)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size