| r3.o.lencr.org/ |  23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash1424d2734290cfd767b86da0ee0da3bc 875b1243bca41177411ac6af710d2bb96f45a0ac 70b5bb76774526a0cf131445ae2f8639085c3449812497df457f4bc78089917b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70B5BB76774526A0CF131445AE2F8639085C3449812497DF457F4BC78089917B"
Last-Modified: Wed, 15 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12129
Expires: Fri, 17 Mar 2023 11:58:24 GMT
Date: Fri, 17 Mar 2023 08:36:15 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash3396075e8f2d9ceae3bd11f94111fed8 98ba4ccf6b0e38a91c69b76ac1dc07313773ed1d e533d6bd6a8080facdff772bcbf359373dab2d5a6fe5eabe64f95e68a8cd23aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E533D6BD6A8080FACDFF772BCBF359373DAB2D5A6FE5EABE64F95E68A8CD23AA"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16434
Expires: Fri, 17 Mar 2023 13:10:09 GMT
Date: Fri, 17 Mar 2023 08:36:15 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ |  35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash84db75194692d4afe13196bda6f22da8 4c1f49bc973a4917f146d93c8d598344edc021f6 a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Mar 2023 08:26:42 GMT
content-type: application/json
age: 573
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash12cdbcb1b0785dc0423386448ac68c9c 08cff6b76fd708f0cef3c5bdb8fc72570c4536bd bb7622a85d32cbff40abd2995055e03dbac05dd841b9a84d9023a5510d89e534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB7622A85D32CBFF40ABD2995055E03DBAC05DD841B9A84D9023A5510D89E534"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9273
Expires: Fri, 17 Mar 2023 11:10:48 GMT
Date: Fri, 17 Mar 2023 08:36:15 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashb5ba6334e73496995e3e3a9ecd0eb323 ad80d3b7718c28364e8c2004fb38a13a1747e462 aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 28kgiYQmcmWP9WVJnCSqAGIvBA61LaF9uiv9i1IV65YZAGxJ76+fznvhk01GoH3naq6F7G+RQPo=
x-amz-request-id: S815W76DNCA6910Y
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Mar 2023 07:48:02 GMT
age: 2893
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/ |  103.169.91.217 | 301 Moved Permanently | 162 B |
IP103.169.91.217:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 17 Mar 2023 08:36:15 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://azbrospcrs.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:15 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Mar 2023 08:17:21 GMT
age: 1134
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashfc4a4ceaf4ff1530bd1678221e3ab96b 25cbfa3ed3a3ffa3958b9c5d842879f8f458afd4 89c6e447413c88858dfcb92639e614ceb678f2897e4182e70dab2e445565bc18
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C6E447413C88858DFCB92639E614CEB678F2897E4182E70DAB2E445565BC18"
Last-Modified: Tue, 14 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6818
Expires: Fri, 17 Mar 2023 10:29:54 GMT
Date: Fri, 17 Mar 2023 08:36:16 GMT
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 35.167.94.179 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP35.167.94.179:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AtlL/ATAVq1ESYPilE5Hkg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UZIM/3bZ8Xu840esGNqyzV/M0aE=
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashc0cd31eed92638e5891b36a5ae315411 485d93ede2ed2085d9e7f7708d2aa12c016e3cc2 9d35e64d01028e199c671f3103870b85a3fef38a7b1484f294d7bc2b7c798413
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D35E64D01028E199C671F3103870B85A3FEF38A7B1484F294D7BC2B7C798413"
Last-Modified: Wed, 15 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Fri, 17 Mar 2023 14:36:02 GMT
Date: Fri, 17 Mar 2023 08:36:16 GMT
Connection: keep-alive
|
|
| azbrospcrs.duckdns.org/static/gs_vk/reset.css | 103.169.91.217 | 200 OK | 884 B |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/reset.css IP103.169.91.217:0
File typeCSV text\012- , ASCII text, with CRLF line terminators Hasha77d6f26781539c015b1b1d84dac9c06 6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/reset.css HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: text/css; charset=utf-8
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/index.css | 103.169.91.217 | 200 OK | 748 B |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/index.css IP103.169.91.217:0
Hash91692497e479f6cc955e4de6d627a499 bb57de5c2d4dafee21f66645d776d3064f4b79bd de36d3e9e989de40ae0bf5252af018ef55fdc0ed938042bdba11147f1127e431
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/index.css HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: text/css; charset=utf-8
content-length: 748
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15134
Expires: Fri, 17 Mar 2023 12:48:31 GMT
Date: Fri, 17 Mar 2023 08:36:17 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15134
Expires: Fri, 17 Mar 2023 12:48:31 GMT
Date: Fri, 17 Mar 2023 08:36:17 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15134
Expires: Fri, 17 Mar 2023 12:48:31 GMT
Date: Fri, 17 Mar 2023 08:36:17 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99264f35-8d47-4d60-9c51-98d24487ff9d.jpeg | 34.120.237.76 | 200 OK | 4.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99264f35-8d47-4d60-9c51-98d24487ff9d.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashbc10f94b93a5d54e2b83ad4bd055f927 3a3f0aaefa0b33ba84fe1d3ecd03d435ebefa0a8 973f1406e6610c95168e736977767dfc4cb9d604979492e2f5ca1a7fc24ecf40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99264f35-8d47-4d60-9c51-98d24487ff9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4511
x-amzn-requestid: 6184f6f9-e49b-4de6-a381-f038f203d219
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bz5OHGt2oAMFUBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64116f26-3d5a3c8d0615f75512401cfe;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 07:09:26 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: SNhkKkRiRjR4U1rOrNZBU5Rl7JgMg1OIglgmknkB2YMux3daJcpF9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 07:31:09 GMT
age: 3908
etag: "3a3f0aaefa0b33ba84fe1d3ecd03d435ebefa0a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22351eb0-1039-4e89-9b25-af3cbf84b7b0.jpeg | 34.120.237.76 | 200 OK | 6.1 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22351eb0-1039-4e89-9b25-af3cbf84b7b0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash7f2087f06cb587f45ec58e6717869800 73aa10416d3e398f9b0f09deb6fa0466113709e4 05c279dfc73bf08e879764d51e48c658635b472836dfea8dd604c5f8201a0994
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22351eb0-1039-4e89-9b25-af3cbf84b7b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6104
x-amzn-requestid: d0e299bf-ea06-4fda-b84d-61ab450fccee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B5K3XF1WIAMF8iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64138b62-115850540e2b7f6c4f82ea10;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 21:34:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 6GcUc-7hLgzE_NZuSVK5HCsS7wa9Pu2rdiL5gBw7Tzl8suOKfTlm4Q==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:53:34 GMT
age: 38563
etag: "73aa10416d3e398f9b0f09deb6fa0466113709e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg | 34.120.237.76 | 200 OK | 5.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash010bbe685e612868671ed36e422a6b25 3f4f1a419f7461a8dc1486b4a62355eca70ba895 4f6109f0f60cc5997576184faff7a31a4636ed618e15b8913ca76a7e574fbf19
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5877
x-amzn-requestid: 5ba83dec-248d-4f89-94cd-83a57be18bc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bmtd0ESMoAMFzYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640c2924-55ed65d90044c459274d6257;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 07:09:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: mqMjrNthVuwCeUq72ZbpLw_PEH4-QQgD-lair6zLmNDoJPCvHI52hQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:04:54 GMT
age: 37883
etag: "3f4f1a419f7461a8dc1486b4a62355eca70ba895"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg | 34.120.237.76 | 200 OK | 5.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash05b82ec8d7e99e9499e8b5a980008c60 280fe711e384d60749c6225ddcc7f57c48845719 305b82d6aa40f5af58100de5007ac484c73c0a49ab7c5715b8ab6e83e10270f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5828
x-amzn-requestid: d366481c-e7c3-4cc5-b3da-c7c4b22f320a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B5KlrFegIAMFa8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64138af0-1c7c39d05a6b31ed1ddcb409;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 21:32:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: WWj5PE-SRteLqD_zUeyBBarnrGodgVs_FuEh3pqlu8NmuSXEKbtJiA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:49:59 GMT
etag: "280fe711e384d60749c6225ddcc7f57c48845719"
content-type: image/jpeg
age: 38778
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashbe71491cee9b47dc3ffb23b4fdff25b3 79c7d22c8df6d305f46c5779ccb9f25169d4d111 e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:00:53 GMT
age: 38124
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb35bbebd-fe94-4a9a-89ef-f9766e41b86e.png | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb35bbebd-fe94-4a9a-89ef-f9766e41b86e.png IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4062ca109e37235c9996cd13acaca8ab d4fcc855ddd9f7a949b66ba5bceba73f7b0c91bd 800e19d4c2fbb828aedb80542563c95b8f1d6022ff604576ed4943f1fc6d607b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb35bbebd-fe94-4a9a-89ef-f9766e41b86e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11594
x-amzn-requestid: b0875d40-ec76-4541-9e9c-0a86c89bdf22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B14BfHOkoAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64123a09-43982eb560373c1449a90e35;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 21:35:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: RnPM_j6OB3YRMpbaG14o5uurKLKWWnY04FcFimt9bPQxGiB0FZFocQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:51:09 GMT
age: 38708
etag: "d4fcc855ddd9f7a949b66ba5bceba73f7b0c91bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/logo.png | 103.169.91.217 | 200 OK | 3.0 kB |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/logo.png IP103.169.91.217:0
File typePNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced\012- data Hashc6d404ecaa7646ff497deaad55392996 1c66c5caf35e3e633d1cb1e09a334362ad11f5fb bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/logo.png HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: image/png
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/syozai_icon.png | 103.169.91.217 | 200 OK | 1.3 kB |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/syozai_icon.png IP103.169.91.217:0
File typePNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced\012- data Hashd038e6e8e4472bbcf6e5dac6a23d5a0e fce966980cd73b2d732e0081b7e8dc9751db160d 5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/syozai_icon.png HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: image/png
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/index.png | 103.169.91.217 | 200 OK | 104 kB |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/index.png IP103.169.91.217:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x516, components 3\012- data Size104 kB (104029 bytes) Hash3b288cf2cf8b233a1f459e89dc209d79 08aa186779070d33edbca5dece75e2760dfa4065 c0315642042bbc5f62714e1bf1ee5df4fd567a38745af3c67ff09b025a56efbb
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/index.png HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: image/png
content-length: 104029
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/banner.png | 103.169.91.217 | 200 OK | 221 kB |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/banner.png IP103.169.91.217:0
File typePNG image data, 670 x 238, 8-bit/color RGB, non-interlaced\012- data Size221 kB (220877 bytes) Hash2f987a1099c7a986fa860cf0e80d7b5d 0a3e6dfbf3b0e7d361ba9fc088e2ef7805ec0310 2fe3b5cadeb4ad9fec7ee39d1f2170c6bb656436597087aa9a582713e53bed75
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | phishing | Phishing - Japan's Tax Agency | | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/banner.png HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: image/png
content-length: 220877
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsrsaovsslca2018 |  104.18.20.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsrsaovsslca2018 IP104.18.20.226:0
Hash7f1820a8081a4de1aff4d0c9664ee330 d6ccc9e6f9a3774ffa1d5843608cb52dfd22c37d c7ff40f0a411a061729090b06af0af4a3ac3fe96a65b189ae612e766221b21c8
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 08:36:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 21 Mar 2023 07:31:57 GMT
ETag: "d6ccc9e6f9a3774ffa1d5843608cb52dfd22c37d"
Last-Modified: Fri, 17 Mar 2023 07:31:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 80
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a93e8552d38b51b-OSL
|
|
| azbrospcrs.duckdns.org/static/hau/jquery-1.9.1.min.js | 103.169.91.217 | 200 OK | 72 kB |
URL HTTP/2azbrospcrs.duckdns.org/static/hau/jquery-1.9.1.min.js IP103.169.91.217:0
Hashc0bddec8f48ec338171480d91faea6e8 2051fac7e47a1a3c08b0e8170bf454b2098feabc 6d9e717f8d10b592ec627b902c13dfbcf0c7ad11eb3a8ef758a7c6265d0f4927
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hau/jquery-1.9.1.min.js HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:45:22 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/favicon.ico | 103.169.91.217 | 404 Not Found | 0 B |
URL HTTP/2azbrospcrs.duckdns.org/favicon.ico IP103.169.91.217:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /favicon.ico HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562; __tins__21566587=%7B%22sid%22%3A%201679042177138%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679043977138%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 17 Mar 2023 08:36:19 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/js/jquery.cookie.js | 103.169.91.217 | 200 OK | 0 B |
URL HTTP/2azbrospcrs.duckdns.org/static/js/jquery.cookie.js IP103.169.91.217:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/ | 103.169.91.217 | 200 OK | 0 B |
IP103.169.91.217:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| azbrospcrs.duckdns.org/static/gs_vk/public.css | 103.169.91.217 | 200 OK | 0 B |
URL HTTP/2azbrospcrs.duckdns.org/static/gs_vk/public.css IP103.169.91.217:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/public.css HTTP/1.1
Host: azbrospcrs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azbrospcrs.duckdns.org/
Cookie: sessionid=2d533ce30dbaceb6f789be72b5e47562
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 08:36:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 08:36:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|