tursi.duckdns.org/login.php?Verification=TRUE&Country=US
20.106.149.200200 OK 40 kB URL HTTP/1.1 tursi.duckdns.org/login.php?Verification=TRUE&Country=US
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (24953)
Hash 636bab31bc123906c110181838ead821
64b1b5a3ea9c0c711fe0b12277adf58e6ff35716
4a7065aa60739b15643ea4121f5d52e18936a22260512d89c9eb4c0749461418
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /login.php?Verification=TRUE&Country=US HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:29 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12504
Expires: Fri, 25 Nov 2022 12:36:53 GMT
Date: Fri, 25 Nov 2022 09:08:29 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 913
Cache-Control: max-age=92275
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:08:29 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 10:46:24 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 08:19:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2966
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5347
Expires: Fri, 25 Nov 2022 10:37:37 GMT
Date: Fri, 25 Nov 2022 09:08:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: r0qlkpGmie8YJuecRxRiYlPsv8nD1P0+cJ0WPI4hut8UPlsVTXSAUxCjU0rdhFJTcznErKh0r+M=
x-amz-request-id: 6V6PK5DC5HXEA39C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 08:43:46 GMT
age: 1484
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:08:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
tursi.duckdns.org/as/s41726790920868
20.106.149.200200 OK 5.5 kB URL HTTP/1.1 tursi.duckdns.org/as/s41726790920868
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (5537)
Hash 64b868e22ffef1f224b869de726b825d
dcf2b762fa538402830676cce8a4c5e679047db6
7755cf60d7a2e8ab769068f918431c6579d2a586e9a4687a966eac8962c35a52
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/s41726790920868 HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:48 GMT
Accept-Ranges: bytes
Content-Length: 5538
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
tursi.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
20.106.149.200200 OK 25 kB URL HTTP/1.1 tursi.duckdns.org/as/AppMeasurement_Module_AudienceManagement.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 26a8cd142b539700557eb4710c3d56bd
46452cb34f2c181ebe255c96c9ea9522f1537500
4858af0bdd1175d3f6c795eb053e7cae348ecb67f0633020d7d925c7672de871
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 25152
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/runtime.24e47bcca0e5b8df.js
20.106.149.200200 OK 4.0 kB URL HTTP/1.1 tursi.duckdns.org/as/runtime.24e47bcca0e5b8df.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (3988), with no line terminators
Hash 19e82f6632beff47a591d8d9898844eb
745646fd24b19616736b1334a77595c8158c3096
53f683216b31c885d6613df4f654d8c76ee381c5e59d14c1580c4fb04f7e8dd1
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/runtime.24e47bcca0e5b8df.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 3988
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/AppMeasurement.min.js
20.106.149.200200 OK 34 kB URL HTTP/1.1 tursi.duckdns.org/as/AppMeasurement.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (32768)
Hash d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/AppMeasurement.min.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33557
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/styles.300dc7a1784cb961.css
20.106.149.200200 OK 74 kB URL HTTP/1.1 tursi.duckdns.org/as/styles.300dc7a1784cb961.css
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 59376fa41035970dd399af380e087aea
190ecfa3c0b1136fe97c4034dc4f0853f87871a8
fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles.300dc7a1784cb961.css HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 73801
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
tursi.duckdns.org/as/polyfills.87d6b856162b755f.js
20.106.149.200200 OK 34 kB URL HTTP/1.1 tursi.duckdns.org/as/polyfills.87d6b856162b755f.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (33921), with no line terminators
Hash a41a401158c68bce6c0449d976f94254
b6712540e7ca18ed5bf7a684a7fa6f60f77775eb
0a032317a19ef60ee4bf3a0bd74b3cdfff1e1a2e1d7cdef29f0de71c5e6e3f2e
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/polyfills.87d6b856162b755f.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 33921
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/styles_r.css
20.106.149.200200 OK 160 kB URL HTTP/1.1 tursi.duckdns.org/as/styles_r.css
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 160 kB (159564 bytes)
Hash ae87d30c231b13077aeaac8434f6a15d
63e2826f29e6912a7f52c0557dc19f3e87b64ace
3298955245d7912cfe82f3cb67dc8e40c9ca08a1c0106ac68e4813f721d75523
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/styles_r.css HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 159564
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 08:11:11 GMT
cache-control: public,max-age=3600
age: 3439
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
tursi.duckdns.org/as/launch-866a03735382.min.js
20.106.149.200200 OK 187 kB URL HTTP/1.1 tursi.duckdns.org/as/launch-866a03735382.min.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (32767)
Size 187 kB (186614 bytes)
Hash 3aa98593c529dd9249016d9eef0766f6
1efb9edd2917af402a4ab3c45589bc0da0f9de6c
8a29b6243bec9aea0e9c4284be37de91fde512b9b80d1c0a48636f95bfa14505
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/launch-866a03735382.min.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 186614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/truist_common.js
20.106.149.200200 OK 243 kB URL HTTP/1.1 tursi.duckdns.org/as/truist_common.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 243 kB (242738 bytes)
Hash 96883d65a2154b539f6d35d275d0204d
ffcdd9ad3c2eb9e2dc9bdf345b7634b7c0602e20
c9732b242d6e796c25b89e5c167f282fd75a499b8797c06d3451e6cbe28af3eb
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/truist_common.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 242738
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3940
Cache-Control: max-age=90239
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:08:30 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:12:29 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
tursi.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
20.106.149.200200 OK 15 kB URL HTTP/1.1 tursi.duckdns.org/as/tru_lg_hrz_rgb_wht_rev.png
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1927 x 767, 8-bit/color RGBA, non-interlaced\012- data
Hash 84796985e04a9f463f26293d1919f3c4
db0a67a0de6fe6a06c4254b82e72e64ed80f0400
d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/tru_lg_hrz_rgb_wht_rev.png HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 14599
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
tursi.duckdns.org/as/trulogo_horz-trupurple.png
20.106.149.200200 OK 4.4 kB URL HTTP/1.1 tursi.duckdns.org/as/trulogo_horz-trupurple.png
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 365 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash fe2af793fe57fcace53f91cfed335a8e
250d1d12ba58cade61d74f7f61dbc90bf2556bda
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/trulogo_horz-trupurple.png HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 4376
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
23.38.200.237200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
IP 23.38.200.237:0
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 6f56f25549f094ee43918a26715f4c6b
0b75d52207556fa7879017f81a9445006a637047
57a0cc8a8dfd7a1ab1aa40a84c53b0db4caf025c5c5499bea095b91924139a96
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "26a8cd142b539700557eb4710c3d56bd:1644856531.982003"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 8753
expires: Fri, 25 Nov 2022 10:08:30 GMT
date: Fri, 25 Nov 2022 09:08:30 GMT
cache-control: no-cache
access-control-allow-origin: http://tursi.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Fri, 25 Nov 2022 10:08:30 GMT
date: Fri, 25 Nov 2022 09:08:30 GMT
cache-control: no-cache
access-control-allow-origin: http://tursi.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3449897d374f04734b4a271da0e56ea3
146e838a8351d357c764167eada0ab9531da5133
95b164bc6fbafc4e6e063ed7156441cefb41f9fb822c1f8495325355fb062ae7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6399
Cache-Control: max-age=168302
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:08:31 GMT
Etag: "63805b7e-1d7"
Expires: Sun, 27 Nov 2022 07:53:33 GMT
Last-Modified: Fri, 25 Nov 2022 06:06:54 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
tursi.duckdns.org/as/main.6b2b5be7c0191f9e.js
20.106.149.200200 OK 2.2 MB URL HTTP/1.1 tursi.duckdns.org/as/main.6b2b5be7c0191f9e.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.2 MB (2164385 bytes)
Hash 339a7b86b7bd9fa983e83fa76a63498a
6c890b832e26f7617a5861940706a1f129cc576a
8e7a992bcf52f3c70ac93d33ae5a90702425fc13486f55b3531f5519a5da45ad
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/main.6b2b5be7c0191f9e.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 10:21:02 GMT
Accept-Ranges: bytes
Content-Length: 2164385
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669367310367
99.81.119.147200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669367310367
IP 99.81.119.147:0
File type JSON data\012- , ASCII text, with very long lines (4008), with no line terminators
Hash 374e2a8b0e3ae3018fd5b6fb92931ae4
15b53ba49e06e355b514940e5330311cbeecad65
00d8aca8e881907f8c6c64cc6b7cac59c48b396dc97f551129f72c2f4d0f5418
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&d_nsid=0&ts=1669367310367 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://tursi.duckdns.org
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://tursi.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-07303b075.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=75664342465860910083600699260839496128; Max-Age=15552000; Expires=Wed, 24 May 2023 09:08:31 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: VnVDNZGsQ/c=
Content-Length: 1337
Connection: keep-alive
push.services.mozilla.com/
52.41.253.170101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.253.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 385YmMrWIszcWc1bkuSqRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: D1gIEVtfZrn+lY0l5cWko96S+48=
tursi.duckdns.org/as/dest5.html
20.106.149.200200 OK 14 kB URL HTTP/1.1 tursi.duckdns.org/as/dest5.html
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash cbec4d4de9f31f17f6f9331f89383d7d
5524cbfba00706b21a72cb1c57e4e575b4e7ad1f
b26151b6cbca0ba0a30c98391039c7d300c1f344c8e118f932c6787470305128
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/dest5.html HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h2vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369110369|1669367309520; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19322%7CvVersion%7C5.4.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:31 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 13579
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
dias.bank.truist.com/ui/assets/images/father-son.png
23.72.139.74200 OK 140 kB URL HTTP/2 dias.bank.truist.com/ui/assets/images/father-son.png
IP 23.72.139.74:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x1600, components 3\012- data
Size 140 kB (140237 bytes)
Hash 13ef1dd9531309bed82c8587228ecb23
322ea99d980c4266d0d6ec4034994545b351e73f
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
GET /ui/assets/images/father-son.png HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 140237
content-type: image/png
etag: W/"140237-1667961614000"
last-modified: Wed, 09 Nov 2022 02:40:14 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
x-oneagent-js-injection: true
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 25 Nov 2022 09:08:31 GMT
X-Firefox-Spdy: h2
tursi.duckdns.org/assets/tru-core-icon-sprite.svg
20.106.149.200404 Not Found 315 B URL HTTP/1.1 tursi.duckdns.org/assets/tru-core-icon-sprite.svg
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/tru-core-icon-sprite.svg HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h2vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369110369|1669367309520; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19322%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 09:08:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e57bcef8d257d32fad9e229c34893226
3ae37eb1e17791449c4a1a6282510d909684c3a0
a2360c8e3ea9c4bf6d31381ac9c3051b73b75625559a68a9c1541d1f2f07b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=168396
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:08:31 GMT
Etag: "638074db-1d7"
Expires: Sun, 27 Nov 2022 07:55:07 GMT
Last-Modified: Fri, 25 Nov 2022 07:55:07 GMT
Server: nginx
Content-Length: 471
sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=71108727889382435034204103780421300847&ts=1669367310843
13.36.218.177200 OK 48 B URL HTTP/2 sstats.truist.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=71108727889382435034204103780421300847&ts=1669367310843
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a4a968b5f4f360fcdcfcbb8f18f622cb
52f732d0a96c2d4ff72f9422da916c8d6a7360b2
fc121c5937c7b6ebcae243a13156a0020c4a6be2a4dc7349c4564275bd10214c
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=AA7A3BC75245B3BC0A490D4D%40AdobeOrg&mid=71108727889382435034204103780421300847&ts=1669367310843 HTTP/1.1
Host: sstats.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://tursi.duckdns.org
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://tursi.duckdns.org
access-control-allow-credentials: true
date: Fri, 25 Nov 2022 09:08:31 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C71108727889382435034204103780421300847; Path=/; Domain=truist.com; Max-Age=63072000; Expires=Sun, 24 Nov 2024 09:08:08 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tursi.duckdns.org/dias/info/config
20.106.149.200404 Not Found 315 B URL HTTP/1.1 tursi.duckdns.org/dias/info/config
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /dias/info/config HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
x-dtpc: -64$167309508_515h4vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h4vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369111294|1669367309520; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19322%7CMCMID%7C71108727889382435034204103780421300847%7CMCAAMLH-1669972110%7C6%7CMCAAMB-1669972110%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669374510s%7CNONE%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 09:08:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
dias.bank.truist.com/ui/favicon.ico
23.72.139.74200 OK 14 kB URL HTTP/2 dias.bank.truist.com/ui/favicon.ico
IP 23.72.139.74:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (673)
Hash ecdab1b25c05e085eaf648ffef881df8
b110666c6379424e9cf50843357eba5e60dea8f5
2299e4cd815978c60d22096d090cc8204b3d5a57d1595fb106b6c44e4bc3724d
GET /ui/favicon.ico HTTP/1.1
Host: dias.bank.truist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/html
etag: W/"1074-1667961614000:dtagent10247220811100421uywL"
last-modified: Wed, 09 Nov 2022 02:40:13 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=0
x-oneagent-js-injection: true
expires: Sun, 20 Nov 2022 19:49:02 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-1725343807", dtSInfo;desc="0"
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 25 Nov 2022 09:08:31 GMT
content-length: 13675
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash bf7ce90e45e1602d32af4a1af78289c5
159b0ecd06be80423088e4dacc877ae3814aa259
04d96c85099b7a5f1a7b9d62c0f3ee98332108a7258691f309f44891a9c8d486
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=107179
Date: Fri, 25 Nov 2022 09:08:32 GMT
Etag: "637f7925-1d7"
Expires: Sat, 26 Nov 2022 14:54:51 GMT
Last-Modified: Thu, 24 Nov 2022 14:01:09 GMT
Server: ECS (bsa/EB18)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ScQUrMNA4hvwFRmzAsq5dbvzUUJPkboRVI7VeD00Vql5rjezjItB-g==
Age: 3222
cm.everesttech.net/cm/dd?d_uuid=75664342465860910083600699260839496128
54.77.60.152302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=75664342465860910083600699260839496128
IP 54.77.60.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=75664342465860910083600699260839496128 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tursi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 25 Nov 2022 09:08:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4CGEAAAAFzVNgMx; Domain=.everesttech.net; Expires=Sat, 25-Nov-2023 09:08:32 GMT; Path=/
everest_session_v2=Y4CGEAAAAFzVNwMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
99.81.119.147302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
IP 99.81.119.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tursi.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0eab94181.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11941719428152888962887370639410924141; Max-Age=15552000; Expires=Wed, 24 May 2023 09:08:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 0Tf7B9I5THc=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
99.81.119.147200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx
IP 99.81.119.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4CGEAAAAFzVNgMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tursi.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-02ae087c0.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: pSnbVmaPQA8=
Content-Length: 59
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3062
Expires: Fri, 25 Nov 2022 09:59:34 GMT
Date: Fri, 25 Nov 2022 09:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3062
Expires: Fri, 25 Nov 2022 09:59:34 GMT
Date: Fri, 25 Nov 2022 09:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3062
Expires: Fri, 25 Nov 2022 09:59:34 GMT
Date: Fri, 25 Nov 2022 09:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3062
Expires: Fri, 25 Nov 2022 09:59:34 GMT
Date: Fri, 25 Nov 2022 09:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3062
Expires: Fri, 25 Nov 2022 09:59:34 GMT
Date: Fri, 25 Nov 2022 09:08:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f4b5f150-a5dc-40bf-93b9-394c294a51cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEmkRFSnIAMF5vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e8481-74454bee1a1ec6d506f3d75b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 20:37:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZVv8iTGCYV-IiBJ6KwNSG1ZWSEwClaQopUejSqZq0S1wd782lRoyKA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:07:32 GMT
age: 39660
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 66d06d3cac1784e4ce6c8c89c300f10a
41ef94d198bbf98185eb332a3b6934c3c26c3afc
55312d1b43447e4f77d8e9e52451bb63a9868ba8122c9e16e0a20479d34367e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2351
x-amzn-requestid: 1e3e6b14-8f46-4b62-a3d1-f5dbe5d5f94f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGupUE_VIAMFa3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f5e3b-573fabc44ce59c2f4c24a32d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 12:06:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XEUrOPYr2rn89eMIJORVFnpqJfxqfjBadcbplZKzqLjDkzHV8NEbHg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 18:51:30 GMT
age: 51422
etag: "41ef94d198bbf98185eb332a3b6934c3c26c3afc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5863138af1ddbba34a7856242a7b3a06
2eba66ff6539388c48562503e8d11ff0e060350a
d1543e1b803a07095148b743925eebbbf21f566a2df9b785a1a9d48c5604496c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8917
x-amzn-requestid: 10f3b269-9437-476d-ae4f-a0ac3fb78491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wEIwoAMF8uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4cfeecf4553b26381ed11875;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lr9z8FWWpMGtxtvcYzeT-ewuydSzpma8I06pszLDQIICotFkB_SZlA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:55:30 GMT
age: 40382
etag: "2eba66ff6539388c48562503e8d11ff0e060350a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31c66612-f3a0-4e62-8b93-c9f774ffc236.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31c66612-f3a0-4e62-8b93-c9f774ffc236.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba7b9c131ab7e5998f25b069ba3860a0
0214fc0deecb1115766802f42cfd256e3c479490
717aa23c687ccebc1b5ebbfd88d0e4fe181fef038d308231842b2b1969f3976b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31c66612-f3a0-4e62-8b93-c9f774ffc236.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6130
x-amzn-requestid: 0ab34b27-2c6b-4a37-87ad-6fa56a265453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wF7KIAMFjlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4a3d24f93ceb37d37a5ce1ee;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SHmcFNiZ97RU02VeLiHLjFynYiSuaQP8T_XKG2UaAigWXG5sYhdVLQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:55:28 GMT
age: 40384
etag: "0214fc0deecb1115766802f42cfd256e3c479490"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05a92b9f554600c920e8b772eb16ee75
7f29e0e2de89f7a88ff0bf2a720365032ef11cc1
4b51a70a0ee6fe0d723880ea70fee25c15bff671d8a484bbb2a3c9962303c735
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 8450975f-bcb2-4b59-b0ef-42e43d1bb16a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM-cGKIIAMFo7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8ec2-7f95154e3177c6e30a925244;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NCCF79BaJkG2j75ihGL9jd3gEE4zajsC9vmEKMmk9u7-wm2s5u4mVQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:43:09 GMT
age: 15923
etag: "7f29e0e2de89f7a88ff0bf2a720365032ef11cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92171fa8fbc051aefeb8ceb6072848de
377775b7c7b085efa6dd653d285ba3a52af6a549
537c4d5cc3ef2e60c3d0171ac31c1dba4ab2ff340108015787a9dd20dc76b7ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6891
x-amzn-requestid: 6da0ae90-c3cc-4e9c-9a0e-3c72b4eb7605
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b7m2NGsvoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637aeb5a-1ed2badf0e84d40e6a052f7a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: daiU0caUPDqn0vVDY_eK8eaMxgIenjmw1vLyUOtVYOs-FmuSIgY3Nw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 11:37:02 GMT
age: 77490
etag: "377775b7c7b085efa6dd653d285ba3a52af6a549"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tursi.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2963929154&en=9va2smjd&end=1
20.106.149.200404 Not Found 315 B URL HTTP/1.1 tursi.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2963929154&en=9va2smjd&end=1
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=2963929154&en=9va2smjd&end=1 HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2366
Origin: http://tursi.duckdns.org
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h-vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369111886|1669367309520; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19322%7CMCMID%7C71108727889382435034204103780421300847%7CMCAAMLH-1669972110%7C6%7CMCAAMB-1669972110%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669374511s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19329%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 09:08:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
tursi.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=3751420482&en=9va2smjd&end=1
20.106.149.200404 Not Found 315 B URL HTTP/1.1 tursi.duckdns.org/ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=3751420482&en=9va2smjd&end=1
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /ui/rb_dd022447-99bb-4e4a-8e68-67aec1c3d505?type=js3&sn=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO&svrid=-64&flavor=post&vi=HVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0&modifiedSince=1668734971679&rf=http%3A%2F%2Ftursi.duckdns.org%2Flogin.php%3FVerification%3DTRUE%26Country%3DUS&bp=3&app=307988b0f4afb8ec&crc=3751420482&en=9va2smjd&end=1 HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 3544
Origin: http://tursi.duckdns.org
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h-vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369111886|1669367309520; dtLatC=50; dtSa=-; AMCV_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1176715910%7CMCIDTS%7C19322%7CMCMID%7C71108727889382435034204103780421300847%7CMCAAMLH-1669972110%7C6%7CMCAAMB-1669972110%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669374511s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19329%7CvVersion%7C5.4.0; AMCVS_AA7A3BC75245B3BC0A490D4D%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 09:08:35 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
tursi.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
20.106.149.200200 OK 0 B URL HTTP/1.1 tursi.duckdns.org/as/ruxitagentjs_A27Vfgqrux_10247220811100421.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/ruxitagentjs_A27Vfgqrux_10247220811100421.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:50 GMT
Accept-Ranges: bytes
Content-Length: 199861
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
tursi.duckdns.org/as/scripts.1c82821384a86f51.js
20.106.149.200200 OK 0 B URL HTTP/1.1 tursi.duckdns.org/as/scripts.1c82821384a86f51.js
IP 20.106.149.200:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /as/scripts.1c82821384a86f51.js HTTP/1.1
Host: tursi.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tursi.duckdns.org/login.php?Verification=TRUE&Country=US
Cookie: dtCookie=v_4_srv_-2D64_sn_K2K7U4O94356RLRR6JD49D5T4KBL2NIO; rxVisitor=1669367309518MMN6PJG0HOAME7S3C3T8Q8AL8L3FVM7K; dtPC=-64$167309508_515h1vHVAULVSHRHDJVJFROFUMJHCQADBBDMKB-0e0; rxvt=1669369109520|1669367309520
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:08:30 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 06:38:52 GMT
Accept-Ranges: bytes
Content-Length: 162165
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript