Report - emtet.duckdns.org/

Report Overview

Submitted URL
emtet.duckdns.org/
IP
35.194.193.220
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2023-01-02 05:48:42
Access
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
11
Network Intrusion Detection
14
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
emtet.duckdns.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	35.194.193.220
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.69.31
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	65 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-02 05:48:23	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-01-02 05:48:23	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-01-02 05:48:23	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-01-02 05:48:23	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:24	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:25	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-02 05:48:25	medium	Client IP	35.194.193.220	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.
2023-01-01	medium	emtet.duckdns.org/	Facebook, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-02	medium	emtet.duckdns.org/	Phishing
2023-01-02	medium	emtet.duckdns.org/data/css/7.svg	Phishing
2023-01-02	medium	emtet.duckdns.org/data/css/2.ico	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (0)

HTTP Transactions (29)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
116c0a4485584a949c2edff4a949549f
de064c35dd7ce008d69932915ddb3d04fe7f2eeb
4fc3e38254e220857100a1b2a7c96209fc9d1141ccfb9057181da9745e78fb8e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FC3E38254E220857100A1B2A7C96209FC9D1141CCFB9057181DA9745E78FB8E"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14882
Expires: Mon, 02 Jan 2023 09:56:33 GMT
Date: Mon, 02 Jan 2023 05:48:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8afcbdfc50b3ac9488d629a1a4923b81
933fe7b84c2fbd931da70e92c86fa89110e7cfe7
9857b3b813177c23f90a7e53c7ec1f878362b1da27bc19493bebffc358a4b852

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9857B3B813177C23F90A7E53C7EC1F878362B1DA27BC19493BEBFFC358A4B852"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9318
Expires: Mon, 02 Jan 2023 08:23:49 GMT
Date: Mon, 02 Jan 2023 05:48:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 02 Jan 2023 05:47:23 GMT
content-type: application/json
age: 68
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e71f8c03e957e6b1526fc3f1537b3d95
6f1e5a549978b3cc67fa6142fd4bf45d2730bf71
29e3d9e5d2fec1b8e13beafa7970157db0c8b07392c4dd53fc033b609f2fc7ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29E3D9E5D2FEC1B8E13BEAFA7970157DB0C8B07392C4DD53FC033B609F2FC7AD"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3047
Expires: Mon, 02 Jan 2023 06:39:18 GMT
Date: Mon, 02 Jan 2023 05:48:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: VqrS3w4zvCxV4H0GmRAnm/45hT5u60a71OZxxn0sYtXSOzhxCmUAD6l81+VLRcU0ewBkMxe6R3c=
x-amz-request-id: XFRDKJJ2PAMXRMTZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 02 Jan 2023 04:58:08 GMT
age: 3023
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 05:48:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

emtet.duckdns.org/

35.194.193.220

200 OK

3.4 kB

URL HTTP/1.1
emtet.duckdns.org/
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2733), with CRLF line terminators
Size
3.4 kB (3358 bytes)
Hash
7aff264ca89e00956a05b0cc8537f99d
a1e2ffcb92ed17cd4fa53d3785d178085e671b08
9f6a899f66a60d4e8f11fc09d536662d6768f8dddd7d161272bb720a7ec37272

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 02 Jan 2023 05:33:35 GMT
age: 897
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

emtet.duckdns.org/data/css/xv165oDvQLn.css

35.194.193.220

200 OK

3.5 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/xv165oDvQLn.css
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (1591), with CRLF line terminators
Size
3.5 kB (3517 bytes)
Hash
5105fee8a16eaf42097a61c13d899d5e
a8333625c78502a7de7be395f12094afb126b36e
f44018e8c892595ee90f06924858ff1db99597001da93d8721fb9b901ae8b7ce

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/xv165oDvQLn.css HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Dec 2022 12:42:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63ad8b22-2bdb"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

emtet.duckdns.org/data/css/vU7sqaUXp1b.css

35.194.193.220

200 OK

8.5 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/vU7sqaUXp1b.css
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (4404)
Size
8.5 kB (8476 bytes)
Hash
ac41a83adecccd4e7ad5531c16954164
efcc8bb6cd7c8eac1205e3a226c441493fcbef11
d96c1b894a643e6d38984a38e3baaf4dc7ab6fe3840ae079028bcd5f6618a51c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/vU7sqaUXp1b.css HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Dec 2022 13:46:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63ad9a41-8b92"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e2a99db6956684dc306ada584f1907d8
21c3fc85b00308907c1cffcb36b1ba1a4617f613
cf568c4a26fb352228e849b18fbca0f6fd3b3a89055cd5f4fc0cdd11f9b9733e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5090
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 05:48:32 GMT
Last-Modified: Mon, 02 Jan 2023 04:23:42 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

emtet.duckdns.org/data/css/uaRUZk18yNI.css

35.194.193.220

200 OK

579 B

URL HTTP/1.1
emtet.duckdns.org/data/css/uaRUZk18yNI.css
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (1309), with CRLF line terminators
Size
579 B (579 bytes)
Hash
ddae70918cc9e4deff882d58ee1dbef8
a23744e31b05494986ebe492e7226ddd855a0bf7
abb4561469d8e34d0aa9ee91146e5b386e1afbde52d43925283c26f7f5c25ea4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/uaRUZk18yNI.css HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Dec 2022 13:47:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63ad9a7b-56f"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

emtet.duckdns.org/data/css/pYrjM7I1_Bh.css

35.194.193.220

200 OK

3.9 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/pYrjM7I1_Bh.css
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (3836), with CRLF line terminators
Size
3.9 kB (3886 bytes)
Hash
7d7ee17b52d94cf6c12196f291996e6d
3c7bb916a28502b03bbdc6caa51a41dfd08f8aa9
0804f09b0972faaec2a1a3cbc4fc07e5565b2141b20db142aa2d0f324aba58bf

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/pYrjM7I1_Bh.css HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Dec 2022 12:42:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63ad8b22-39f7"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

emtet.duckdns.org/data/css/M9-wRs3fjiV.css

35.194.193.220

200 OK

1.4 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/M9-wRs3fjiV.css
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (3352), with CRLF line terminators
Size
1.4 kB (1364 bytes)
Hash
480cb08b2e173c5079a401c0603abf84
c10d82cc5d9167b83bebc82fffb77d20a1cbcb46
35a0484395da3d404ea7f0eb3870716b32d6c8c972314b40cc4cb3a469cf15c0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/M9-wRs3fjiV.css HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Dec 2022 12:42:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63ad8b22-14f1"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

push.services.mozilla.com/

54.148.69.31

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.69.31:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JszC+Kc/nV5rxdKZTTxtng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iu/F8lHfASTss7NpoyNlN6v6xPU=

emtet.duckdns.org/data/css/7.svg

35.194.193.220

200 OK

2.4 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/7.svg
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2384)
Size
2.4 kB (2385 bytes)
Hash
ebd8798bc32c86494851a07770e04e63
b5461dc8f5f5f848033441d506ee05d48742438b
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/7.svg HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: image/svg+xml
Content-Length: 2385
Last-Modified: Thu, 29 Dec 2022 13:49:32 GMT
Connection: keep-alive
ETag: "63ad9aec-951"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes

emtet.duckdns.org/data/css/6.png

35.194.193.220

200 OK

95 B

URL HTTP/1.1
emtet.duckdns.org/data/css/6.png
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
39c11d656220efd52f4965400d14900a
327050099cee8d1ad81e7bfbe5ca2ea057780a87
c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/6.png HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/data/css/uaRUZk18yNI.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: image/png
Content-Length: 95
Last-Modified: Thu, 29 Dec 2022 13:47:28 GMT
Connection: keep-alive
ETag: "63ad9a70-5f"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes

emtet.duckdns.org/data/css/2.png

35.194.193.220

200 OK

20 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/2.png
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
PNG image data, 283 x 303, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20216 bytes)
Hash
e98d98e5c9ff9baba26ebf330af43d73
635040ed395bbe0100cf268542a6073bebfb6413
7cbcd0e472af08157611255d6b7fbffb676885668fd869b8ba4a6f3702be0133

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/2.png HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/data/css/vU7sqaUXp1b.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:32 GMT
Content-Type: image/png
Content-Length: 20216
Last-Modified: Thu, 29 Dec 2022 13:37:38 GMT
Connection: keep-alive
ETag: "63ad9822-4ef8"
Expires: Wed, 01 Feb 2023 05:48:32 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes

emtet.duckdns.org/data/css/2.ico

35.194.193.220

200 OK

4.3 kB

URL HTTP/1.1
emtet.duckdns.org/data/css/2.ico
IP
35.194.193.220:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
8cddca427dae9b925e73432f8733e05a
1999a6f624a25cfd938eef6492d34fdc4f55dedc
89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /data/css/2.ico HTTP/1.1
Host: emtet.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://emtet.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 05:48:33 GMT
Content-Type: image/x-icon
Content-Length: 4286
Last-Modified: Thu, 29 Dec 2022 12:42:10 GMT
Connection: keep-alive
ETag: "63ad8b22-10be"
Expires: Wed, 01 Feb 2023 05:48:33 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5871
Expires: Mon, 02 Jan 2023 07:26:24 GMT
Date: Mon, 02 Jan 2023 05:48:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5871
Expires: Mon, 02 Jan 2023 07:26:24 GMT
Date: Mon, 02 Jan 2023 05:48:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5871
Expires: Mon, 02 Jan 2023 07:26:24 GMT
Date: Mon, 02 Jan 2023 05:48:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5871
Expires: Mon, 02 Jan 2023 07:26:24 GMT
Date: Mon, 02 Jan 2023 05:48:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d29255f-f540-450b-8d59-1e6b35f5d01b.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d29255f-f540-450b-8d59-1e6b35f5d01b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12868 bytes)
Hash
ac7496c474f45f104b2758c512c963f1
3b4008098440fe23359ee5ac2ef2253fe1e78799
90b5dd0b09673aae811d960e120890aa197ae845fa1cdff9cd43f1e02f71089e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d29255f-f540-450b-8d59-1e6b35f5d01b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12868
x-amzn-requestid: cf7cb1ab-b42d-4a85-8cd8-4d23642bd9da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eCvTxFwyIAMFYgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0f8e4-5a3406e57652aa2701b85929;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 03:07:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d5ZbyTUy2uTh5SYAR4mATvCKwjyV2D8M08C9r9Bhoc2y0Z3w8IjOiw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 02 Jan 2023 03:09:49 GMT
age: 9524
etag: "3b4008098440fe23359ee5ac2ef2253fe1e78799"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6c2763-3047-4d8a-adab-82148ff57727.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7660 bytes)
Hash
dc62c3ca8bc387a91c7d4711b5bc2409
7a984b459227e11984faa2539569a90875a58d29
e14a0e22b58fc1f3f392b842573e3abff7b24eb66db6b351046a186acc3b2954

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6c2763-3047-4d8a-adab-82148ff57727.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7660
x-amzn-requestid: 9338abf2-1191-47da-95ff-0a201604fbc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d-sKCEDhoAMFZ4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63af5a40-433f4ba9780dbc7a485ccbe9;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 21:38:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZCKSB-MwWwP2KTj7XMSHOZZcse5xmPE0JtkkBSLGnWqJdNyr-5oQzQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:51:59 GMT
age: 28594
etag: "7a984b459227e11984faa2539569a90875a58d29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb10ff957-5c4b-4503-8a93-c156251c7d8c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8042 bytes)
Hash
5cba3e16ed43e2d6fdab08958cd1a2e9
580e9e9c2cf164a36b963c4d13ebf21ee20d000e
fe97aea99a0cfc1add09c0ad655867e49a662aaad2f6902431f67f016bdf63de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb10ff957-5c4b-4503-8a93-c156251c7d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8042
x-amzn-requestid: f4ff8469-ddb1-4303-a552-a8e00eeb7e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFSNuFS3oAMFRow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fd8a-160adaf35160829903fc48d9;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2oM6q4jGNBvZM04Ft9Ur7Kk9Z_ZODh6v5YrOIKDlZGQ1CAk_I9aakw==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:54:12 GMT
age: 28461
etag: "580e9e9c2cf164a36b963c4d13ebf21ee20d000e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb9e048a-d832-4c9c-bbf4-523cf2df949e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10904 bytes)
Hash
63e10036442be6087f22f671351bfcf4
d23fda523cd1581a497c1e8d93b6a3a65bbbd05d
bd17928141e8ba15eaf14f140f9cc6648502da10bef74dab32e1790f68d150d7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb9e048a-d832-4c9c-bbf4-523cf2df949e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10904
x-amzn-requestid: e672bb95-0521-41e2-b44d-18d108768f0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFRyVGO0IAMFfsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fcdb-2e2b0c1e73840de93343ce08;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:36:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RoBgvzAMnMxF47CsTpw8nEsyCcYeCsElL-FWeEE2G-c6lvPTR-6qqw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:48:43 GMT
age: 28790
etag: "d23fda523cd1581a497c1e8d93b6a3a65bbbd05d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4257ad28-284d-4097-833e-46c10e7e821c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9461 bytes)
Hash
d24938cd841215227aa0cf216dd3fe03
10be50c441c19542d419bb103499cb7460735f54
b5cd96b6ee8799ccea59abd1129e1599b5f682604c48c54126fd6c8ccef1f492

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4257ad28-284d-4097-833e-46c10e7e821c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9461
x-amzn-requestid: 88757846-7eae-4cfe-941b-20ad5a1ca562
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFRxsHSWoAMFscQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fcd7-3790be59473b7101219694fa;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0E45_M_Znsaqr3Y6foCj6yksP_Lh5JmnmwCdyYkxfFaf__KuYnCWbg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:50:30 GMT
age: 28683
etag: "10be50c441c19542d419bb103499cb7460735f54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf86a4d4-d187-4199-b789-48ed7b12b68c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10036 bytes)
Hash
d632b1666de6a64512941efcbe64cb0e
9f72a2f67a6c0365b7667edc91b2b954847b15e0
d002d7a247939a94c76fe00aa304afa28bfe6bf4827e4fde625593d0f1f3597a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf86a4d4-d187-4199-b789-48ed7b12b68c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10036
x-amzn-requestid: 41bfcbb1-3cd0-417c-b1c6-954abb968ec3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFSD5HgeIAMFt6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fd4b-55beac627a99008106cf3b12;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:38:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: huyycDByN62r__fKfqx031YqGth7lOWe9LHsGmfhRiYx3ygtKUfvVg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:55:23 GMT
age: 28390
etag: "9f72a2f67a6c0365b7667edc91b2b954847b15e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (0)

HTTP Transactions (29)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type