Overview

URL requireloginaccesspage-53rd.duckdns.org/500da
IP162.214.54.207
ASNUNIFIEDLAYER-AS-1
Location United States
Report completed2022-09-23 13:47:01 UTC
StatusLoading report..
urlquery Alerts DynDNS domain detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
2022-09-22 2 requireloginaccesspage-53rd.duckdns.org/ Fifth Third Bank
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/ Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/assets/dist/js/forms.js Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/assets/dist/js/plugins/Founda (...) Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/assets/dist/js/FormValidation (...) Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/assets/img/logo.svg Phishing
2022-09-23 2 requireloginaccesspage-53rd.duckdns.org/500da/assets/fonts/icomoon.ttf Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-23 05:06:17 UTC 104.17.25.14
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-23 10:16:36 UTC 142.250.74.10
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-23 04:34:39 UTC 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-23 04:49:01 UTC 143.204.55.25
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-23 04:33:41 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-23 08:34:06 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-23 05:02:25 UTC 34.215.56.181
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-23 07:14:46 UTC 143.204.55.36
mnemonic passive DNS requireloginaccesspage-53rd.duckdns.org (13) 0 2022-09-22 11:18:51 UTC 2022-09-23 04:05:09 UTC 162.214.54.207 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-23 04:02:43 UTC 34.120.237.76
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-23 04:33:33 UTC 142.250.74.3


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.214.54.207

Date UQ / IDS / BL URL IP
2022-09-27 05:30:18 +0000
14 - 0 - 33 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-27 05:28:54 +0000
14 - 0 - 33 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-27 05:26:20 +0000
13 - 0 - 30 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-26 21:41:34 +0000
14 - 0 - 20 requireloginaccesspage-53rd.duckdns.org/7c039 (...) 162.214.54.207
2022-09-26 21:38:09 +0000
13 - 0 - 18 requireloginaccesspage-53rd.duckdns.org/7c039 (...) 162.214.54.207

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-12-04 03:25:52 +0000
0 - 0 - 4 my-netbank.commbank.application.com.au.pank.c (...) 162.214.224.110
2022-12-04 03:11:06 +0000
0 - 0 - 8 192.185.129.69/~lampoljy/ib.absa.co.za/php/of (...) 192.185.129.69
2022-12-04 02:57:30 +0000
0 - 0 - 7 brdardecorating.com/ 192.232.223.68
2022-12-04 03:03:27 +0000
0 - 0 - 1 tazza.ae/wp-admin/images/my.unblockcash/b96db (...) 162.215.220.220
2022-12-04 03:03:36 +0000
0 - 0 - 1 tazza.ae/wp-admin/images/my.unblockcash/b96db (...) 162.215.220.220

Last 5 reports on domain: requireloginaccesspage-53rd.duckdns.org

Date UQ / IDS / BL URL IP
2022-09-27 05:30:18 +0000
14 - 0 - 33 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-27 05:28:54 +0000
14 - 0 - 33 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-27 05:26:20 +0000
13 - 0 - 30 requireloginaccesspage-53rd.duckdns.org/500da (...) 162.214.54.207
2022-09-26 21:41:34 +0000
14 - 0 - 20 requireloginaccesspage-53rd.duckdns.org/7c039 (...) 162.214.54.207
2022-09-26 21:38:09 +0000
13 - 0 - 18 requireloginaccesspage-53rd.duckdns.org/7c039 (...) 162.214.54.207

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-02 04:52:34 +0000
20 - 0 - 10 www.5fh3rdsecauth.dynamic-dns.net/ 20.25.73.19
2022-12-02 04:05:56 +0000
19 - 0 - 8 5fh3rdsecauth.dynamic-dns.net/ 20.25.73.19
2022-12-02 04:05:37 +0000
19 - 0 - 10 secauth53.app.link/ 54.230.111.23
2022-11-17 21:44:35 +0000
13 - 0 - 0 user53.redirectme.net/login.php 192.34.60.164
2022-11-17 20:59:28 +0000
13 - 0 - 0 user53.redirectme.net/login.php 192.34.60.164


JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (39)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 13:18:10 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GN0XIS9HMyVYzE4C8yomvJS0KzCY8ValWzwIaUbD7YX_7LMyCsMILg==
Age: 1720


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /500da HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         162.214.54.207
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 23 Sep 2022 13:46:50 GMT
Server: Apache
Location: http://requireloginaccesspage-53rd.duckdns.org/500da/
Content-Length: 261
Keep-Alive: timeout=5, max=1150
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   261
Md5:    869d0d1c6ba372774b3c95a8a2e5e76a
Sha1:   4aba83a0174c772b002cd24990dc6250d76e8883
Sha256: 22d90b8621c769f18b0c4430a1bf4d2d01bae84b65307c755885c07628e8c364

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5250
Expires: Fri, 23 Sep 2022 15:14:20 GMT
Date: Fri, 23 Sep 2022 13:46:50 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8ooGCxyK8V2X0eVUCi3zA6jZzHZvP5TwxkpCstxwI4dB5PC7hHk_TA==
age: 33096
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 23 Sep 2022 13:46:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 23 Sep 2022 13:03:22 GMT
Expires: Fri, 23 Sep 2022 13:23:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ReaQBa0mw1krPkMRRbOyUPRrgSs51bcI3sOHTdaL6d7sVa4dSv7VJg==
Age: 2609


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5773
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 13:46:51 GMT
Last-Modified: Fri, 23 Sep 2022 12:10:38 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2X0lhgcQVTLLQHb/qYm3zw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.215.56.181
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: L56wyKVRqYUkeud3neXZkNXPo8A=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2292
Expires: Fri, 23 Sep 2022 14:25:03 GMT
Date: Fri, 23 Sep 2022 13:46:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2292
Expires: Fri, 23 Sep 2022 14:25:03 GMT
Date: Fri, 23 Sep 2022 13:46:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2292
Expires: Fri, 23 Sep 2022 14:25:03 GMT
Date: Fri, 23 Sep 2022 13:46:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2292
Expires: Fri, 23 Sep 2022 14:25:03 GMT
Date: Fri, 23 Sep 2022 13:46:51 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:07:28 GMT
age: 56363
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10127
Md5:    b877ead4a15221fdd278ef27f281a7ec
Sha1:   48c10714503e8dfdd3e3c3d39b919ef2792f0d15
Sha256: f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8497
x-amzn-requestid: 8543ac70-48ab-4523-856f-5d5fa1191c97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yin-pEryoAMFTfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324205d-660bba3f655f940d143bc437;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:06:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e9KUFhjuFMzjuh37rFiNKaMNVaGZwPGBkLrv0zgfSTT7dCIuWj4G9Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:27 GMT
age: 56124
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8497
Md5:    7606ff88f05062b66970d9805f38987a
Sha1:   d47db5fcd83023b4a8de40a47d4510e183de387a
Sha256: 20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:26 GMT
age: 56125
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5340
Md5:    3b318ea5c36d2b22b925f7dfe382df5f
Sha1:   0264e73c4cfff0bb255757c7e1c760a5ad3ece80
Sha256: 0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 57509
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8029
Md5:    02a682b4703bb9d6381c762726c05531
Sha1:   1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
Sha256: fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z0uCxl-5L4gijwJsCjssxmgnJr4yhzvtiZdcX4wOXzgiuh8-Yj92vg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 04:32:56 GMT
age: 33235
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10279
Md5:    8ea5f06ad31f0cedd2cb5c6df82f35f4
Sha1:   60a83a1618ffae06e49ca3002bac1db9980dcfe8
Sha256: 5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5936
x-amzn-requestid: 39e79389-c158-4427-aae0-b1d0dc1d0377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VowElZoAMF2Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfd1-2da28eb66f876af76158b090;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -DSp0__jaBzizsfagTtIpwhkPqkvjS1L6T17J0OS5W0QhZww03ywpw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:29 GMT
age: 56122
etag: "370d166426ad83fc04ccb6e300238d8cb6ab644a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5936
Md5:    61059307f07edc4e2ba9d07a258bca43
Sha1:   370d166426ad83fc04ccb6e300238d8cb6ab644a
Sha256: 55ec802097ab49f275686e99844ff4a3b554c8998213bb9c3f0380709297c55b
                                        
                                            GET /500da/ HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 23 Sep 2022 13:46:50 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=1149
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2689), with CRLF line terminators
Size:   6548
Md5:    e546a8dd3d2ec2f90b66ccf182f41328
Sha1:   31cae27c4baab3334efbc128982f25c7d183eb99
Sha256: b0bbd4762f8eb410c9c7ccfb9078711316240ec92018c2d16063009a95103ad1

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /ajax/libs/es6-shim/0.35.3/es6-shim.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 13:46:52 GMT
content-length: 14321
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e54-dca5"
last-modified: Mon, 04 May 2020 16:09:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 2656204
expires: Wed, 13 Sep 2023 13:46:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2g3nz4V4qUMpatv2NRv4UxhzlhPyPSA6bmEbY1d28sVB6sdFVUuNWvHfqU4A%2Bp0CGZc0kHoXkKehEfsUuUnQowSafmdV%2FRQ%2FD3u8p5d4ovn3QRkbP9CINb9At2ZRPzNxxaAv2zv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f3ba9edeecb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32014)
Size:   14321
Md5:    eb4ac442850e11463eec24148ce333a5
Sha1:   edc473d05b9d97a09625f8b8f0fcca8565ab8cbe
Sha256: a3d6f16e507899f64132cb657ca82fba1b4249afce43f1f5bfdedccfdd817513
                                        
                                            GET /500da/assets/css/cms.css HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 25688
Keep-Alive: timeout=5, max=1148
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   25688
Md5:    541ec527c4d4cfd8676e600166c9e500
Sha1:   1040227de1c04dc5e313b833f5c34ad8340a5dab
Sha256: e7070d1b1fa222910a0e357b58fea896920b05a496653a5e0bc0ebe2516ff3ff

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /500da/assets/dist/js/forms.js HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 13961
Keep-Alive: timeout=5, max=1150


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   13961
Md5:    105590c6062e49fa6e7f449936ab9920
Sha1:   ae01fef4b4b5b6ed0e19049f6737c419ab83a28e
Sha256: b8b709a8a41499ce945c344fb7cc53f8f1b99f66d8f72e81d87f1847c40ba873

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /500da/assets/dist/js/plugins/Foundation.min.js HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 2029
Keep-Alive: timeout=5, max=1150


--- Additional Info ---
Magic:  ASCII text, with very long lines (2029), with no line terminators
Size:   2029
Md5:    e47ecd93128ab399fcef3241a216f527
Sha1:   f5917be5c7d75a2f41b9a6c4c3422b69acd109ff
Sha256: e347bf8a60497f126cd8d4df5cef31df2daa7ea19b48a0cb2c4070b6689dda51

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /500da/assets/dist/css/formValidation.min.css HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 19343
Keep-Alive: timeout=5, max=1150


--- Additional Info ---
Magic:  ASCII text, with very long lines (9642)
Size:   19343
Md5:    a04f3fe72bc421c126256e5cacf1e7c7
Sha1:   87895f89616146f124266cdf7b17323ef0d17557
Sha256: a1df840d52a6e1a2b85ed8ea59e25b34c824d520ca34b2a84adf7fef4b2689d8

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /500da/assets/dist/js/FormValidation.min.js HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 67938
Keep-Alive: timeout=5, max=1150


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   67938
Md5:    958e5454cf92264436c2c3c1de4c1c0c
Sha1:   f0fb820b4174e553b9f148f986b71df40ca49c52
Sha256: d90224cd9ba0d138e7ba721d12b39e5e680999b2a1b246691542b195514e91ad

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /500da/assets/css/style2.css HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 23 Sep 2022 13:46:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 688534
Keep-Alive: timeout=5, max=1150


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   688534
Md5:    dd449df7028e3bd8186cabbf67e26fe9
Sha1:   e43919c90b86c0617634579dbaad981e089fa4fe
Sha256: 933bb612af6b924252fa5c1717819f78e3c9d8d1cde1b57691dcf778d1a46784

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /500da/assets/img/logo.svg HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 4875
Keep-Alive: timeout=5, max=1149
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   4875
Md5:    9f2349c5301e7295483e485e7fa98131
Sha1:   3764d6d3bced36d04ad0cb85b915f1094fba64a1
Sha256: 617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Open+Sans:300,400,400i,600,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 23 Sep 2022 13:46:55 GMT
date: Fri, 23 Sep 2022 13:46:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   45707
Md5:    4062018ffed2da8be25173facf0932aa
Sha1:   d8fcd9054d9bcae2805a2411b6fd8fb9a15a4c13
Sha256: f6dd9aa4156d2431f1695741566d879762b10df159ec2115f31dbb482efd7e6e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /500da/assets/fonts/icomoon.ttf HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/assets/css/style2.css

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: font/ttf
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 31544
Keep-Alive: timeout=5, max=1149
Connection: Keep-Alive


--- Additional Info ---
Magic:  TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size:   31544
Md5:    9565bfbf276f7b6080aa36c5007d3f38
Sha1:   01f5eb7b10d0a05d369f695a7cbf6800323876ff
Sha256: d7b10f6c9cbc8a3f931c867112393e3274a8ca0e1c3244839ecc7a6ffda64ee4

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /500da/assets/img/equal_housing_logo.png HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 2758
Keep-Alive: timeout=5, max=1149
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 18 x 15, 8-bit colormap, non-interlaced\012- data
Size:   2758
Md5:    ba4bacebf5dffb84ec9fd4dfb1108a73
Sha1:   e4fb3286c17cb7bc8d9f50d9de6a492996e9bd80
Sha256: c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /500da/assets/img/1440x565-ftblue-other.jpg HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 23 Sep 2022 13:46:55 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 65879
Keep-Alive: timeout=5, max=1149
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2018:02:23 11:30:46], baseline, precision 8, 1440x565, components 3\012- data
Size:   65879
Md5:    01460094e2d6c39a79efeac9725d8827
Sha1:   84913c508530e4b3ea912144be758b40d358f037
Sha256: a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /500da/assets/img/favicon.png HTTP/1.1 
Host: requireloginaccesspage-53rd.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://requireloginaccesspage-53rd.duckdns.org/500da/

                                         
                                         162.214.54.207
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 23 Sep 2022 13:46:56 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 02:27:58 GMT
Accept-Ranges: bytes
Content-Length: 1814
Keep-Alive: timeout=5, max=1148
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1814
Md5:    3bf542c74fd58eaca23c6ce2afa8ae4f
Sha1:   bbb516e3c7ed858eb951e678f5c170f1825a8fe6
Sha256: 243756cacc67ac3fcca021ec29c5341d58e644135492ba290ee9ad5c9a2ef72e

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F155952bd-256a-4103-9017-437efcfb03bf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7005
x-amzn-requestid: c805d882-7a00-4abd-a239-d8313d7df0c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4aBwEaMIAMF09A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd6d7-6d6a417f10c9628a16d438e1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:42:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7edV0FJytVSpHH-WkCiYzhW1JP4L6i6bpPCq9MTxPdhwFQTryf06BQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:53:16 GMT
age: 57222
etag: "4584bff61bf4d5c9b8fd3b97c048a8e6975e4323"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7005
Md5:    1985a957e6bc0c15d8489fa731e7f14e
Sha1:   4584bff61bf4d5c9b8fd3b97c048a8e6975e4323
Sha256: 9f3e1fd6e18d85d4f6645d077da643a3bc2cca611d5e85f534ba798102dca243