urlquery - report: freememberne18.duckdns.org/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
r3.o.lencr.org (2)	344	2020-12-02 08:52:13 UTC	2022-09-21 04:18:22 UTC	23.36.77.32
freememberne18.duckdns.org (10)	0	2022-09-21 09:29:24 UTC	2022-09-21 15:35:50 UTC	104.208.74.238	Unknown ranking
cdnjs.cloudflare.com (1)	235	2020-10-20 10:17:36 UTC	2022-09-21 05:55:51 UTC	104.17.24.14
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-09-21 15:45:34 UTC	93.184.220.29
push.services.mozilla.com (1)	2140	2015-09-03 10:29:36 UTC	2022-09-21 04:20:37 UTC	54.148.17.90
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-09-21 14:38:57 UTC	34.120.237.76
fonts.googleapis.com (1)	8877	2014-07-21 13:19:55 UTC	2022-09-21 14:09:32 UTC	142.250.74.10
firefox.settings.services.mozilla.com (2)	867	2020-06-04 20:08:41 UTC	2022-09-21 16:01:18 UTC	143.204.55.115
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-09-21 04:20:37 UTC	34.117.237.239
ocsp.pki.goog (2)	175	2017-06-14 07:23:31 UTC	2022-09-21 04:20:12 UTC	142.250.74.3
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-09-21 04:18:32 UTC	143.204.55.35

Scan Date	Severity	Indicator	Comment
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp
2022-09-21	2	freememberne18.duckdns.org/	WhatsApp

Scan Date	Severity	Indicator	Comment
2022-09-21	2	freememberne18.duckdns.org/	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/6.jpeg	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/3.jpeg	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/4.jpeg	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/2.jpeg	Phishing
2022-09-21	2	freememberne18.duckdns.org/fonts/google.ttf	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/bkp.jpeg	Phishing
2022-09-21	2	freememberne18.duckdns.org/img/5.jpeg	Phishing

Date	UQ / IDS / BL	URL	IP
2022-09-23 05:58:27 +0000	4 - 0 - 1	freemember5507.duckdns.org/login.php	104.208.74.238
2022-09-22 14:45:09 +0000	4 - 0 - 0	freeclub1759.duckdns.org/login.php	104.208.74.238
2022-09-21 20:45:17 +0000	11 - 0 - 18	freememberne18.duckdns.org/index.php	104.208.74.238
2022-09-21 20:45:01 +0000	4 - 0 - 4	freememberne18.duckdns.org/login.php	104.208.74.238
2022-09-21 20:44:38 +0000	11 - 0 - 18	freememberne18.duckdns.org/	104.208.74.238

Date	UQ / IDS / BL	URL	IP
2023-02-02 20:32:58 +0000	0 - 1 - 0	files.mepcad.com/downloads/AutoSPRINK/AccessD (...)	40.71.85.34
2023-02-02 19:34:22 +0000	3 - 0 - 0	firstappad.me/subu2b38ebf645e2e7629d2dbe3308a923de	20.113.188.243
2023-02-02 18:26:01 +0000	0 - 1 - 0	nam03.safelinks.protection.outlook.com/?url=w (...)	104.47.56.156
2023-02-02 18:15:57 +0000	0 - 3 - 1	52.152.223.228/update/300.exe	52.152.223.228
2023-02-02 16:57:23 +0000	0 - 0 - 0	eur02.safelinks.protection.outlook.com/?url=h (...)	104.47.11.28

Date	UQ / IDS / BL	URL	IP
2022-09-21 20:45:17 +0000	11 - 0 - 18	freememberne18.duckdns.org/index.php	104.208.74.238
2022-09-21 20:45:01 +0000	4 - 0 - 4	freememberne18.duckdns.org/login.php	104.208.74.238
2022-09-21 20:44:38 +0000	11 - 0 - 18	freememberne18.duckdns.org/	104.208.74.238
2022-09-21 15:36:01 +0000	4 - 0 - 4	freememberne18.duckdns.org/login.php	104.208.74.238
2022-09-21 10:54:30 +0000	4 - 0 - 1	freememberne18.duckdns.org/login.php	104.208.74.238

Date	UQ / IDS / BL	URL	IP
2023-01-31 16:40:48 +0000	0 - 2 - 16	freeclubnew804.16-b.it/	20.66.41.139
2023-01-27 07:56:36 +0000	0 - 2 - 16	freeclubfree2023.16-b.it/	20.66.41.139
2023-01-24 08:18:13 +0000	0 - 0 - 16	newmemberfree45.16-b.it/	20.66.41.139
2022-12-23 19:15:48 +0000	0 - 3 - 16	clubfreenew803.16-b.it/	20.9.70.76
2022-12-20 07:33:41 +0000	0 - 2 - 6	newmembernew038.16-b.it/	20.9.70.76

HTTP Transactions (28)

Request	Response
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Wed, 21 Sep 2022 20:13:43 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: RSBIow73NuaRnLwApTVIqVE6JjcE0PrzuJ-G5_phIlW2uzJpKZql2w== Age: 1844 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 804f8bbb7f556d51a5f52d5ebd5b6eef Sha1: 922cd7e06df278615a04abb81d811d14596c8180 Sha256: ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2" Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2841 Expires: Wed, 21 Sep 2022 21:31:49 GMT Date: Wed, 21 Sep 2022 20:44:28 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a26d0784548ecab22f417f3d689daf23 Sha1: 8893b79366bbadeb5c8d587b8f023e310694df1c Sha256: 35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 143.204.55.35 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 143.204.55.35 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Sat, 10 Sep 2022 18:47:45 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Wed, 21 Sep 2022 04:35:14 GMT etag: "6113f8408c59aebe188d6af273b90743" x-cache: Hit from cloudfront via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: V54NOHec0kYWhMDRAAsAEsn8sH9Ag6ud9huSpRN2LPmCGL_5l9_YkA== age: 58155 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET / HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: freememberne18.duckdns.org/ FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 89dd42d512e0179385dabb2c2f5294e4ce3386be8344747c25b0485e3929c093 104.208.74.238 HTTP/1.1 200 OK content-type: text/html; charset=UTF-8 Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-length: 1027 content-encoding: gzip vary: Accept-Encoding date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text Size: 1027 Md5: b42c7dc24d50dd2b6ba67fe7772acba4 Sha1: c7277329f31dd81c35a8d0fa8d5c54a8e111820a Sha256: 89dd42d512e0179385dabb2c2f5294e4ce3386be8344747c25b0485e3929c093 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Wed, 21 Sep 2022 20:44:28 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://freememberne18.duckdns.org/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdnjs.cloudflare.com/ajax/libs/material-design-iconic-f (...) FQDN: cdnjs.cloudflare.com IP: 104.17.24.14 HASH: 312d94bafa68e11e3a4a8d7c06bc25ee161d1d965afb1fa99db79815a272d0bf 104.17.24.14 HTTP/2 200 OK content-type: text/css; charset=utf-8 date: Wed, 21 Sep 2022 20:44:28 GMT content-length: 5845 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03ed9-1149f" last-modified: Mon, 04 May 2020 16:12:09 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary: Accept-Encoding cf-cache-status: HIT age: 5948711 expires: Mon, 11 Sep 2023 20:44:28 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e9ZBhh9MoUdX3NrvOF11smKfpff1%2Fkyfr4cLtf9rBDBr5YZ4wKrn1%2F9nPUJpz7X1ThosfgJXYxcr2rMF1IMUC2wjl%2FLcUkDt9ccuNjfjF04GdbnpQk05pT5CAOhYZjSuAx2tEy5"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 74e5a395cd14b503-OSL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (65536), with no line terminators Size: 5845 Md5: a7e25a22602a2b2ed35f90fd5210cff1 Sha1: 148c4f275b60e6cf6253d6b4c7bdc486515b2202 Sha256: 312d94bafa68e11e3a4a8d7c06bc25ee161d1d965afb1fa99db79815a272d0bf
GET /css/style.css HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/css/style.css FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 95029f6ae3a66b3d6248a1c29b1cb2c3e5c3481795459c61b754780b5d1850d1 104.208.74.238 HTTP/1.1 200 OK content-type: text/css Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Wed, 19 Feb 2020 20:41:46 GMT accept-ranges: bytes content-encoding: gzip vary: Accept-Encoding content-length: 989 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: ASCII text Size: 989 Md5: cfb120ae8eda46530756adc43dd32c48 Sha1: 2fb0eaa540871379f33d2cafd8c6d5cdb75fcbdf Sha256: 95029f6ae3a66b3d6248a1c29b1cb2c3e5c3481795459c61b754780b5d1850d1 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 21 Sep 2022 20:44:28 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: 5f68499f2ba3b2c5aa7e979ee9b4d3a8 Sha1: 67a456fe80bd69aa2fbd0331ba343d1789509d0f Sha256: 394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Wed, 21 Sep 2022 20:03:22 GMT Cache-Control: max-age=3600 Expires: Wed, 21 Sep 2022 20:55:20 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: -qXv_RukOldH7Z9kI1IDesU31h8AoRm07Ng3X5qEp9dhXzjQn51Otw== Age: 2466 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 21 Sep 2022 20:44:28 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: 5f68499f2ba3b2c5aa7e979ee9b4d3a8 Sha1: 67a456fe80bd69aa2fbd0331ba343d1789509d0f Sha256: 394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: b1b6f0e78b5a1e2092cba6d71d0d5a918066c0486176cef0a19f51e2d5a9962e 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5863 Cache-Control: 'max-age=158059' Date: Wed, 21 Sep 2022 20:44:29 GMT Last-Modified: Wed, 21 Sep 2022 19:06:46 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: ff6d50919e56aed75c47feb45ee2f2ec Sha1: 98f558a4b2d4f3c271abc93d0b74ece4ad7a59ef Sha256: b1b6f0e78b5a1e2092cba6d71d0d5a918066c0486176cef0a19f51e2d5a9962e
GET /img/icon.png HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/icon.png FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27 104.208.74.238 HTTP/1.1 200 OK content-type: image/png Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Wed, 19 Feb 2020 20:41:46 GMT accept-ranges: bytes content-length: 2043 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: PNG image data, 194 x 194, 8-bit colormap, non-interlaced\012- data Size: 2043 Md5: 6bb288b8ba772471f23cee4f99b54c08 Sha1: f72bf6750892a25cc40b590bafb2038109bd77ad Sha256: 3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp
GET /img/6.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/6.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: e40849abf2ae2ee23b40643b3f74fe0cc09305b165e94bcfd4e4a546cb6d66a5 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Sat, 05 Mar 2022 21:01:00 GMT accept-ranges: bytes content-length: 72610 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 718x961, components 3\012- data Size: 72610 Md5: d9e1192d39c9b9bcedac7ed1d9ffddc4 Sha1: 53c988c9a923853c0daa7fae7c4e3b334fd3e5ba Sha256: e40849abf2ae2ee23b40643b3f74fe0cc09305b165e94bcfd4e4a546cb6d66a5 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /img/3.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/3.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 4b1a282d3d91709ee26e9d80b62d2df200b51e68879d3e40e628711bc67afd16 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Sat, 05 Mar 2022 21:01:00 GMT accept-ranges: bytes content-length: 36043 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 764x1472, components 3\012- data Size: 36043 Md5: 451e12cde0da653dd41882eebbbdaa97 Sha1: a0271979c1c26f16eda8f099d74819b1b3bc6587 Sha256: 4b1a282d3d91709ee26e9d80b62d2df200b51e68879d3e40e628711bc67afd16 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: SurxAlbPr39U96bp6IgPfg== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.148.17.90 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.148.17.90 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: Fl7b66sAthRV1+xQlMzrVdDkgg4= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /img/4.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/4.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 21ee097d24dae915b4570f85b6418ff976e02e2b96f6cfca89225680842eca02 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Sat, 05 Mar 2022 21:01:00 GMT accept-ranges: bytes content-length: 76986 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1431, components 3\012- data Size: 76986 Md5: 4ca744d4eb3ef1a58494ff423c37a6af Sha1: c56325c206381c38fd3fdd2a1c2a72e179382c92 Sha256: 21ee097d24dae915b4570f85b6418ff976e02e2b96f6cfca89225680842eca02 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /img/2.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/2.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: f7479e536a0305e53f5ac47c50d6bed758254d4ddb8a75b5efa49c60e081ab0e 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:29 GMT last-modified: Sat, 05 Mar 2022 21:01:00 GMT accept-ranges: bytes content-length: 53783 date: Wed, 21 Sep 2022 20:44:29 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x711, components 3\012- data Size: 53783 Md5: 5b7ec37bb713c408ba1dee626a1aadc0 Sha1: 27f77b5fb32378a11ae122a657bd4050ad9c0a28 Sha256: f7479e536a0305e53f5ac47c50d6bed758254d4ddb8a75b5efa49c60e081ab0e Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /fonts/google.ttf HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/css/style.css	URL: freememberne18.duckdns.org/fonts/google.ttf FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 103fd658e63f6d7db368a8386c20ef487d9415280532a641c314af9326e83b71 104.208.74.238 HTTP/1.1 200 OK content-type: font/ttf Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:29 GMT last-modified: Wed, 19 Feb 2020 20:41:46 GMT accept-ranges: bytes content-encoding: gzip vary: Accept-Encoding content-length: 17520 date: Wed, 21 Sep 2022 20:44:29 GMT server: LiteSpeed --- Additional Info --- Magic: TrueType Font data, 13 tables, 1st "GPOS", 7 names, Microsoft, language 0x409, type 1 string, Product SansRegular1.009;GOOG;ProductSans-RegularVersion 1.009;PS 1.000;hotconv 1.0.88;makeotf.l\012- data Size: 17520 Md5: feb699769392c4e13e7872257d6096c9 Sha1: c731a5abea17865b95fc3a845edce501222b49a0 Sha256: 103fd658e63f6d7db368a8386c20ef487d9415280532a641c314af9326e83b71 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /img/bkp.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/bkp.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 6106c8f6d048c4a66da9b2d42e80a3250421d44e75ea4f28a71f234c6298b6e9 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Sat, 05 Mar 2022 20:55:00 GMT accept-ranges: bytes content-length: 147737 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1179, components 3\012- data Size: 147737 Md5: 658802f94171e9b26afb324cd94495ff Sha1: 0543f5c6ef078615e7f5ff5743fcc5c25fdf7baf Sha256: 6106c8f6d048c4a66da9b2d42e80a3250421d44e75ea4f28a71f234c6298b6e9 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
GET /img/5.jpeg HTTP/1.1 Host: freememberne18.duckdns.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://freememberne18.duckdns.org/	URL: freememberne18.duckdns.org/img/5.jpeg FQDN: freememberne18.duckdns.org IP: 104.208.74.238 HASH: 4d9c7e8cd593d2f7d847f7244c296f2bfde3784223e578be82f3b8ff2ad635d1 104.208.74.238 HTTP/1.1 200 OK content-type: image/jpeg Connection: Keep-Alive Keep-Alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Sep 2022 20:44:28 GMT last-modified: Sat, 05 Mar 2022 21:01:00 GMT accept-ranges: bytes content-length: 94974 date: Wed, 21 Sep 2022 20:44:28 GMT server: LiteSpeed --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1075x1454, components 3\012- data Size: 94974 Md5: 0b142ec60a89f2156b49c0dcc6ae834d Sha1: 0e0cf7111a81c099cb4473f85cc3e24c911bbbf5 Sha256: 4d9c7e8cd593d2f7d847f7244c296f2bfde3784223e578be82f3b8ff2ad635d1 Alerts: urlquery: - DynDNS domain detected Blocklists: - openphish: WhatsApp - fortinet: Phishing
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2" Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8886 Expires: Wed, 21 Sep 2022 23:12:36 GMT Date: Wed, 21 Sep 2022 20:44:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8ebb267e443b81854ef9a01b3eb6489d Sha1: b932e9e5679da5a9160da5429458041765509b52 Sha256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc349860f-d61d-42ea-8638-7ebcefe23e00.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 2349b9e1233d43cf8d0ff273f8bf6147dda00314fd631a81cb278ce0b8e32684 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12545 x-amzn-requestid: 6720348a-0245-486b-a978-2df18eb4bd43 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Yl7YKHayIAMFo1Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6325729a-2601f775219651777cba839c;Sampled=0 x-amzn-remapped-date: Sat, 17 Sep 2022 07:09:14 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: NdQpOGtyA7AxpmkvFf3K3IrkgSku9QQzQ4BvpoRfTv16Kj1Gr6n7oA== via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Sep 2022 07:34:13 GMT age: 47417 etag: "9b17ad091f936a8dd50126ce9ad5f9a7fd7d55f8" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12545 Md5: 1976af26c5d4a671c8298bffafc90ce3 Sha1: 9b17ad091f936a8dd50126ce9ad5f9a7fd7d55f8 Sha256: 2349b9e1233d43cf8d0ff273f8bf6147dda00314fd631a81cb278ce0b8e32684
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10244 x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YYwBkGqjIAMFz0Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0 x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA== via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Sep 2022 19:20:13 GMT age: 5057 etag: "b1cd04a66852694284eeef16a1cde38896e33c03" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10244 Md5: 14e6ddceb639a5f4875aecb796f95c79 Sha1: b1cd04a66852694284eeef16a1cde38896e33c03 Sha256: 4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9201 x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YxzxlEYcoAMFaQQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0 x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT x-amz-cf-pop: SFO5-P2, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw== via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google date: Tue, 20 Sep 2022 22:14:57 GMT etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54" age: 80973 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9201 Md5: a692964324dbb9c460a1b855808d02e6 Sha1: 1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54 Sha256: 3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6897 x-amzn-requestid: 509dc368-dd1c-4be7-94ff-64dbd53c199f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YoqoRG2WIAMFw6A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63268b01-1cb916c251fd5f2f3cf10435;Sampled=0 x-amzn-remapped-date: Sun, 18 Sep 2022 03:05:37 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: vs0CTuiAdjRtfJD9qX9S5R07Hw6BWfiOAT50GwTdiSETdoqr2FNsyw== via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Sep 2022 04:14:25 GMT age: 59405 etag: "91df60162a8322469cada0dd8eb93619f28aec1a" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6897 Md5: 8bae3a7a80ff40df1d701dfc925ddeff Sha1: 91df60162a8322469cada0dd8eb93619f28aec1a Sha256: fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12654 x-amzn-requestid: efc99152-2b51-462d-b48b-67ba8263b1cf x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YpOJOGVYoAMFcvQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6326c3d4-00eeb6913e06ac151f293263;Sampled=0 x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: nSWUmBqJPIBYNoLtyrfAN7CK4367b6TEku9eki8BGJVdTWW3dSyckw== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Sep 2022 06:45:55 GMT age: 50315 etag: "d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12654 Md5: f7b780d39877eea116277625aaa01f1b Sha1: d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db Sha256: ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 11832 x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YugI_EsLIAMFdmQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0 x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: gLh2EBTPdXvFtZuYKH1NVZebvnz4Rhs-f_rZPtfJpIWNemEk0upeOQ== via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google date: Tue, 20 Sep 2022 22:07:08 GMT age: 81442 etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11832 Md5: 2ed7323b395e757f7766ea0045efdaca Sha1: 8b91bc3069a3217bc719c27959d578b353b5d9dc Sha256: 8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
GET /css?family=Kanit&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://freememberne18.duckdns.org/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: fonts.googleapis.com/css?family=Kanit&display=swap FQDN: fonts.googleapis.com IP: 142.250.74.10 142.250.74.10 HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Wed, 21 Sep 2022 20:44:28 GMT date: Wed, 21 Sep 2022 20:44:28 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info ---

URL	freememberne18.duckdns.org/
IP	104.208.74.238 (Hong Kong)
ASN	#8075 MICROSOFT-CORP-MSN-AS-BLOCK
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-09-21 20:44:38 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	18
urlquery alerts	11 DynDNS domain detected
Tags	None

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.208.74.238

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Last 5 reports on domain: freememberne18.duckdns.org

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (28)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.208.74.238

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Last 5 reports on domain: freememberne18.duckdns.org

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (28)

Network Intrusion Detection Systems