Report - www.235436587021.duckdns.org/index-login.php

Report Overview

Submitted URL
www.235436587021.duckdns.org/index-login.php
IP
216.137.188.72
ASN
#55293 A2HOSTING
Submitted
2023-03-17 01:30:45
Access
public
Website Title
Final URL
Tags
meta facebook dyndns
urlquery detections
Phishing - Facebook
Suspicious - DynDNS domain

Detections

urlquery
18
Network Intrusion Detection
13
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606 B	127 B	44.242.3.166
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3.2 kB	47 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782 B	2.4 kB	35.241.9.150
www.235436587021.duckdns.org	unknown	2023-03-16T17:44:43Z	2023-03-17T05:22:33Z	3.3 kB	142 kB	216.137.188.72
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413 B	5.9 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-17 01:30:33	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-17 01:30:33	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-17 01:30:33	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-17 01:30:33	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:34	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:35	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:35	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-17 01:30:40	medium	Client IP	216.137.188.72	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	www.235436587021.duckdns.org/index-login.php	857 B	2023-03-07	2024-04-13
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:37 Last Seen2024-04-13 17:37:37 Times Seen807 Hash 006114fb7cc96e1188848a042e624272 bd5e85f900058b94edf348f7ab09bc625c7024b0 8b6e74d56bcb7fe1d99c6cb8e522abffbd5fbd508553811abe6e375c9b5ad60f Loading...

	www.235436587021.duckdns.org/index-login.php	234 B	2023-03-07	2024-04-18
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:18 Last Seen2024-04-18 08:15:57 Times Seen1074 Hash 3f00ba9b71a5fa7203705339002bb4ba f13e8a12064e8fc68212d613bc2789521bde2b04 c92980d32c674f224ce5f450f9045c22e3bb7377bcc21b0a65a455334c6f8f52 Loading...

	www.235436587021.duckdns.org/index-login.php	118 B	2023-03-08	2023-08-18
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:03:52 Last Seen2023-08-18 01:14:14 Times Seen235 Hash 122ea4d2eb3eed4fc98eb66cfe13a44b 23c681ef608180c7221461f4de784834039a9e07 7c7d1dad44a4520419673c852d083c042afbe60886a58beafc32448759a03dbc Loading...

	www.235436587021.duckdns.org/index-login.php	354 B	2023-03-07	2024-02-24
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:23 Last Seen2024-02-24 06:41:10 Times Seen417 Hash afb990b73fde2993fd3570d1565719cd b9e327b56485eeedf31e372b1783aa85d152d163 6791a08cd69ed13663e98693768f7b505981cceb0746d9e5623d7f3c8190eb3c Loading...

	www.235436587021.duckdns.org/index-login.php	632 B	2023-03-08	2023-08-18
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:03:50 Last Seen2023-08-18 01:14:14 Times Seen247 Hash ab5b1308ae53e55e0a715e21f57e66ee e50ac8aad33881d559098d726d17701babbbe487 04330acee6e0df6d95550e8f9ee382bc4041b554566e94cf2aeaf5bb03243358 Loading...

	www.235436587021.duckdns.org/index-login.php	4.2 kB	2023-03-08	2023-11-24
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:03:50 Last Seen2023-11-24 02:11:04 Times Seen272 Hash 65e252820213070fad65a008ad818ac5 a5baa1bc370b8079ee9765d78623f0073436ba4a 06ac3edc6bf3ac531bf4ac983f258fff87ae97e23b2c75c1357c05a2a315cae3 Loading...

	www.235436587021.duckdns.org/index-login.php	248 B	2023-03-07	2023-12-11
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:28:29 Last Seen2023-12-11 19:37:40 Times Seen263 Hash c3b0ded8966e8bdfebc7926f759e72cf d72472bd4fab300aeff6eb78c920c8ed7d29a951 a82b59874008e6fd30d24c7f064c48ca3358e1acb91a6d9f19251d56fbb2ca1a Loading...

	www.235436587021.duckdns.org/index-login.php	366 B	2023-03-07	2023-12-11
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:28:29 Last Seen2023-12-11 19:37:40 Times Seen263 Hash 0f02d35cda774737d3119c535801695b 507d4864d9221acce3bc97fd688c6a1efa363822 a8a8148b630986efe7a424a30e1cbf4af96c95fb13a79374865900e07f658635 Loading...

	www.235436587021.duckdns.org/index-login.php	230 B	2023-03-08	2023-08-18
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:03:52 Last Seen2023-08-18 01:14:14 Times Seen235 Hash e0847abd5bfba4686452c125b41b427e bc1a3263eb8c0c5128efcc353137bbbeb93cba28 4186a9d67c39e3041b62258b68d96a91af82f5d8f633dc0524dca6a6bcea2db0 Loading...

	www.235436587021.duckdns.org/index-login.php	236 B	2023-03-07	2024-02-24
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:23 Last Seen2024-02-24 06:41:10 Times Seen419 Hash 64ef9874b205c3b9011b8430d0f36bac fc7fc0264eebf07c1dbddf37f09cb33e73d01324 eb4a4c68f0eec3461e2c80662e7f2b353bdc41c3c5a6be7d7c90b18d7b2de302 Loading...

	www.235436587021.duckdns.org/index-login.php	101 B	2023-03-08	2023-03-26
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:03:52 Last Seen2023-03-26 08:27:36 Times Seen233 Hash bc1063fd36126d422a164d0ce0f95a5e 0fe2800e3faa071d760766c7e543e592905db698 36cd4db4e80f5572f6e332a9d2b931470f019a4b41f58a4fb873b0a0f2f42900 Loading...

	www.235436587021.duckdns.org/index-login.php	157 B	2023-03-07	2023-12-20
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:28:48 Last Seen2023-12-20 05:14:16 Times Seen259 Hash b2317ada72332d654917e038721c8d7e 704ae815181808efd5be2743888ba8e37032ff19 c2a5d66bcf3b8e48e0cab51d7dc2504c611369e3bbc834a648e29362e58f6fd0 Loading...

	www.235436587021.duckdns.org/index-login.php	10 B	2023-03-07	2024-04-19
Pretty URL www.235436587021.duckdns.org/index-login.php IP 216.137.188.72 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:18 Last Seen2024-04-19 19:43:27 Times Seen14073 Hash 91b3d54bc665b27a303ea5103da4f0b5 1ea644a3b2b1e427686c79e379e4074d576e732a 8c946addeada771d3dc6866cc23be2d1ef3f84b0ae6a98989cbf25b1a9249a61 Loading...

HTTP Transactions (27)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1424d2734290cfd767b86da0ee0da3bc
875b1243bca41177411ac6af710d2bb96f45a0ac
70b5bb76774526a0cf131445ae2f8639085c3449812497df457f4bc78089917b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70B5BB76774526A0CF131445AE2F8639085C3449812497DF457F4BC78089917B"
Last-Modified: Wed, 15 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4491
Expires: Fri, 17 Mar 2023 02:45:25 GMT
Date: Fri, 17 Mar 2023 01:30:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
25389646a2daae58c728e01095973033
651619a503a0f21dd5a8135cce5240f51bae1ab5
8ecd890bd13e92a07acabbd187e71d59adc1f896b249ac1165444ea1f9e21bef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8ECD890BD13E92A07ACABBD187E71D59ADC1F896B249AC1165444EA1F9E21BEF"
Last-Modified: Tue, 14 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6337
Expires: Fri, 17 Mar 2023 03:16:11 GMT
Date: Fri, 17 Mar 2023 01:30:34 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Mar 2023 01:26:41 GMT
content-type: application/json
age: 233
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.235436587021.duckdns.org/index-login.php

216.137.188.72

200 OK

18 kB

URL HTTP/1.1
www.235436587021.duckdns.org/index-login.php
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4178)
Size
18 kB (18358 bytes)
Hash
11addbec6c3db6c78d8d45dafb9fe81c
173133db1cd1cec8fc11aeea649b0fa6f1920b8f
4947b062aa2fa509acc0ede37f336e41f712d7c4ac260c4dc767ffb063d9e3f4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index-login.php HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cef8425d927aae677234ca535562b58b
823b45ffe59ac234f49d38516baf528a9daded85
c2d2e2be0e1484259271be471ff46345fd332c071389f9ef92f637e7ee666ea6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2D2E2BE0E1484259271BE471FF46345FD332C071389F9EF92F637E7EE666EA6"
Last-Modified: Tue, 14 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5245
Expires: Fri, 17 Mar 2023 02:57:59 GMT
Date: Fri, 17 Mar 2023 01:30:34 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ehXSe8oaddcDefiGuqlZJYe+dOpgn7IgrjbpXznJDuksqxapG5kAFgS1hW4E3ERo5vGwE/iUjNDRY0kAQI3jlw==
x-amz-request-id: KFQWS98FTDG31M0P
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Mar 2023 00:47:55 GMT
age: 2559
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 01:30:34 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.235436587021.duckdns.org/mobile-facebook-verification_files/m.fb897f65y.css

216.137.188.72

200 OK

9.1 kB

URL HTTP/1.1
www.235436587021.duckdns.org/mobile-facebook-verification_files/m.fb897f65y.css
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
ASCII text, with very long lines (4755)
Size
9.1 kB (9142 bytes)
Hash
c19ade199a5c090457cc1ebe08e470b1
95a8d99dd330dc79cbbd88c39553df8321068cd1
82c3d06b01cbc3aee305004063648b0fd400faf77a6aa1974e0781b04b350190

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /mobile-facebook-verification_files/m.fb897f65y.css HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jun 2022 01:57:18 GMT
Accept-Ranges: bytes
Content-Length: 9142
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.235436587021.duckdns.org/mobile-facebook-verification_files/request

216.137.188.72

404 Not Found

315 B

URL HTTP/1.1
www.235436587021.duckdns.org/mobile-facebook-verification_files/request
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /mobile-facebook-verification_files/request HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 404 Not Found
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.235436587021.duckdns.org/mobile-facebook-verification_files/m.fb89sd9.css

216.137.188.72

200 OK

94 kB

URL HTTP/1.1
www.235436587021.duckdns.org/mobile-facebook-verification_files/m.fb89sd9.css
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
ASCII text, with very long lines (7526)
Size
94 kB (94027 bytes)
Hash
72646070ea6d965702d0516de29f5e9b
4de07b8b3e0d87c61d5e8cb22407e5038ab055c8
aa03983922acf6ace41158ff5f013edfd9dd838dd7a0c545dd1bb413c4d562b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /mobile-facebook-verification_files/m.fb89sd9.css HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Jun 2022 01:57:18 GMT
Accept-Ranges: bytes
Content-Length: 94027
Keep-Alive: timeout=5, max=100
Content-Type: text/css

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Mar 2023 01:14:32 GMT
age: 963
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.235436587021.duckdns.org/limbo-light.png

216.137.188.72

200 OK

4.7 kB

URL HTTP/1.1
www.235436587021.duckdns.org/limbo-light.png
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
PNG image data, 468 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4694 bytes)
Hash
adc9bf453be28e84cbd8daba1f00be91
e4b2eb1ccfe0ce81cf1b164bd8bc81c8bed3456f
771551461e3f7f862de726524bbe87dc1623e6b276d79d117750fea2e4c010ae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /limbo-light.png HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 31 Jul 2022 18:03:14 GMT
Accept-Ranges: bytes
Content-Length: 4694
Keep-Alive: timeout=5, max=100
Content-Type: image/png

www.235436587021.duckdns.org/mobile-facebook-verification_files/F8n3WrEc0r.png

216.137.188.72

200 OK

6.3 kB

URL HTTP/1.1
www.235436587021.duckdns.org/mobile-facebook-verification_files/F8n3WrEc0r.png
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
PNG image data, 340 x 66, 8-bit gray+alpha, non-interlaced\012- data
Size
6.3 kB (6331 bytes)
Hash
aa3222aec0909f76e2f55c8061210a1e
8464dd9bed9d4da6bda5c70ed7534b5e83d4e444
91252e877e09c401110e603eaf0ff8eb78f7e38c1316db14f131fcb3f896bbb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /mobile-facebook-verification_files/F8n3WrEc0r.png HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jun 2022 01:57:18 GMT
Accept-Ranges: bytes
Content-Length: 6331
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.235436587021.duckdns.org/mobile-facebook-verification_files/request

216.137.188.72

404 Not Found

315 B

URL HTTP/1.1
www.235436587021.duckdns.org/mobile-facebook-verification_files/request
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /mobile-facebook-verification_files/request HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 404 Not Found
Date: Fri, 17 Mar 2023 01:30:35 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4353e40dea39897876467013220ab1ad
ecdbe764620d0d760f9333ff2c30d0f7d9b5d9a8
f23a16dcfff2a742fcbd5fff52cb6edcb9485eea5e732574f3124371b21abfb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F23A16DCFFF2A742FCBD5FFF52CB6EDCB9485EEA5E732574F3124371B21ABFB3"
Last-Modified: Tue, 14 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2269
Expires: Fri, 17 Mar 2023 02:08:24 GMT
Date: Fri, 17 Mar 2023 01:30:35 GMT
Connection: keep-alive

www.235436587021.duckdns.org/fav.ico

216.137.188.72

200 OK

5.4 kB

URL HTTP/1.1
www.235436587021.duckdns.org/fav.ico
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
d2850d31b1cdec91cb6ed249d992f740
4890f422bc6d645479f1689dd7db859d69affbfa
4a464d3f412adda640ef04b79e9e70b8aa446bdffffa0e8554fb91a13f97010d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /fav.ico HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.235436587021.duckdns.org/index-login.php
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 01:30:35 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 31 Jul 2022 18:03:14 GMT
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon

push.services.mozilla.com/

44.242.3.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.3.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PWXUhPoliixXE7BGBTwGgg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FZQq3G0x5rtcWh2vMPSzEPKUPI4=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4745
Expires: Fri, 17 Mar 2023 02:49:41 GMT
Date: Fri, 17 Mar 2023 01:30:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4745
Expires: Fri, 17 Mar 2023 02:49:41 GMT
Date: Fri, 17 Mar 2023 01:30:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4745
Expires: Fri, 17 Mar 2023 02:49:41 GMT
Date: Fri, 17 Mar 2023 01:30:36 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafa24301-1030-4c4f-989c-e2b17d183b89.webp

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafa24301-1030-4c4f-989c-e2b17d183b89.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5823 bytes)
Hash
558d071f9fca9b78c603772983479a2e
d3e35ffefb1fb7463f0f4eedd6a83577dc73523a
03a98d89ba218aead77e6c2470bc74840b05515e9e6c14cad12ae952974a845d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafa24301-1030-4c4f-989c-e2b17d183b89.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5823
x-amzn-requestid: e80767f3-f9d5-4617-841c-0ff537e127f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B2oz2EdsIAMFVIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64128818-1ac71964287b5c9431cb9264;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 03:08:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: keOsHwiwcFq-5XxhTXRqI2gqQiYbjcD5l6q8NhDK6imyZd9Mvp6DtQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 03:45:18 GMT
age: 78318
etag: "d3e35ffefb1fb7463f0f4eedd6a83577dc73523a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5828 bytes)
Hash
05b82ec8d7e99e9499e8b5a980008c60
280fe711e384d60749c6225ddcc7f57c48845719
305b82d6aa40f5af58100de5007ac484c73c0a49ab7c5715b8ab6e83e10270f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5828
x-amzn-requestid: d366481c-e7c3-4cc5-b3da-c7c4b22f320a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B5KlrFegIAMFa8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64138af0-1c7c39d05a6b31ed1ddcb409;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 21:32:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: WWj5PE-SRteLqD_zUeyBBarnrGodgVs_FuEh3pqlu8NmuSXEKbtJiA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:49:59 GMT
etag: "280fe711e384d60749c6225ddcc7f57c48845719"
content-type: image/jpeg
age: 13237
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10addb30-9797-4bfb-ab40-27590dcd8a0c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6871 bytes)
Hash
8d0d0c23818e0992d7081d19d86d752a
5f96d26521f4db9c8858b72d5c60f5b06fd0bba1
092427d520bfea7cf5cac7f160624001496ad5f54e8c8554a1c8aea942a7db87

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10addb30-9797-4bfb-ab40-27590dcd8a0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: 56a9e84e-6436-4726-a8b3-efc08485eb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BmtHXG6IIAMFRTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640c2895-6dc08086321fb6c016eb88e9;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 07:07:01 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: SDQGfzJOO-MuuJXlOI2vqvE8pgmDt0NOGI6aDLPTvG78ZWaXxM-mGg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:00:08 GMT
age: 12628
etag: "5f96d26521f4db9c8858b72d5c60f5b06fd0bba1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c296bb-3841-4482-a804-5e524806dd03.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8814 bytes)
Hash
012b5e6cd88d0497b761a245ce487f07
17478cb0258bb4336bc243eef4a18dd0100406d6
a064f711081abae13347e0883214e7b2cdbcf78404256af5f932ae5f6e8df13f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c296bb-3841-4482-a804-5e524806dd03.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8814
x-amzn-requestid: 0b64a3d4-d65b-48a2-b837-a48db73ccf71
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BwnF3HOQoAMFUfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64101ef2-073249406552fbe458b8d1a2;Sampled=0
x-amzn-remapped-date: Tue, 14 Mar 2023 07:14:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: TevJBwo0tP7-zHb5PIWiC4ao-epZmB-r8wp3I18PJPdqSjYpFcHa1Q==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:04:55 GMT
etag: "17478cb0258bb4336bc243eef4a18dd0100406d6"
content-type: image/jpeg
age: 12341
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8487 bytes)
Hash
be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:00:53 GMT
age: 12583
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99264f35-8d47-4d60-9c51-98d24487ff9d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4511 bytes)
Hash
bc10f94b93a5d54e2b83ad4bd055f927
3a3f0aaefa0b33ba84fe1d3ecd03d435ebefa0a8
973f1406e6610c95168e736977767dfc4cb9d604979492e2f5ca1a7fc24ecf40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99264f35-8d47-4d60-9c51-98d24487ff9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4511
x-amzn-requestid: 0105617d-6e81-4536-ab5b-c55fee3c0739
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bz5HaFKgoAMFlog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64116efb-19306eb33e7380d2323c65ff;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: CuhOQLqC55P8LXnjVQLGL-mCGaLuqIe-WQct4I5Y1_m816DYU4c4Fg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 07:30:30 GMT
age: 64806
etag: "3a3f0aaefa0b33ba84fe1d3ecd03d435ebefa0a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.235436587021.duckdns.org/rsrc.php/v3/yT/r/Yw0RiQgp0g-.png

216.137.188.72

404 Not Found

315 B

URL HTTP/1.1
www.235436587021.duckdns.org/rsrc.php/v3/yT/r/Yw0RiQgp0g-.png
IP
216.137.188.72:0
ASN
#55293 A2HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /rsrc.php/v3/yT/r/Yw0RiQgp0g-.png HTTP/1.1
Host: www.235436587021.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.235436587021.duckdns.org/mobile-facebook-verification_files/m.fb89sd9.css

HTTP/1.1 404 Not Found
Date: Fri, 17 Mar 2023 01:30:40 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML