r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13946
Expires: Fri, 24 Mar 2023 23:38:15 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive
xdoakgvnvc.duckdns.org/
199.167.138.75 200 OK 2.7 kB IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash dfb42051ef48382e452306aa902fb81b
e82c224d66ee820c00f055d6a3e12b6162cbd45c
bae3408a02743ed4dc1767c0b03b474996ce922175c02ae53373faa577df5cf3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Malware
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/html
Last-Modified: Mon, 06 Mar 2023 09:22:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405b0db-2dbd"
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9025
Expires: Fri, 24 Mar 2023 22:16:14 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7637
Expires: Fri, 24 Mar 2023 21:53:06 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 19:15:17 GMT
content-type: application/json
age: 1832
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sTk1GpAGtUKRQ00tQoZysdM4BE30vBjezFdn99F6OYv0yaFvurUBlrumHNZGpueaUifqauZF0Zs=
x-amz-request-id: C7BGDJFT9BP633Z8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 18:54:37 GMT
age: 3072
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 19:45:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xdoakgvnvc.duckdns.org/index/patch.css
199.167.138.75 200 OK 103 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/patch.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
Hash 9fb36388079d1c1bcacf56a90667c2b7
34b6de188790e1966c7b7773a3267c9c476506fb
aa85e2bfb22009a9794ce022df9bfcd89a185078bab1d8d5bbe65c9cbe5ce2cb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/patch.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 103
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Connection: keep-alive
ETag: "634fdab0-67"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/index/autop2022.css
199.167.138.75 200 OK 12 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/autop2022.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f1f175ba60778d6c5edc6810a383f093
f3081243b57871612536be750fcc0d65cd88a3b3
4f891d9203c8ad76ee6172b4a479776de4ef4e983994401954950d4bb0cb1996
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/autop2022.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:17:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdcce-10597"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/index/floating_bnr.css
199.167.138.75 200 OK 1.4 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/floating_bnr.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 193d7f2e6dcd5d6b9e4d5b63e011f654
7c0ba3256ec449b6c8b09b91a26ef0bd0fd7da4b
14ab9a46560e9dd39cd5ee2261463b5b08b96ced4a690b833fe9f8ad57b8c398
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/floating_bnr.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-1066"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/web_font.css
199.167.138.75 200 OK 659 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/web_font.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 44afde52eb764fb8dc3bdc93fa5bc5de
2ba406581c1ec0adc6ea7d38a30e034b33ba50d3
7063c94b5d36c1dd766ee9b4988a6aaaa4646172d15e6fa79d1ab2927a9b7885
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/web_font.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-60b"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/common.css
199.167.138.75 200 OK 757 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/common.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (1310), with no line terminators
Hash e02bbaac73c3252d7ce5a435be84b161
47837f273a056846417d6a3bbe6afbdcda6eebd8
3ab34e599d64d5d3fc91d4e767bbb417b15d443f5fa27b57d1b8ab6f2246c4d4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-532"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/2.js
199.167.138.75 200 OK 2.4 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/2.js
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
Hash 329721f20b80af5fb1280099bddaac27
688f423b54134281a440627a7908e69eb1689251
f7a4acf7f43557ae3c016efc567b7a6ba4e8570d7bf38084b13dc5816805b2a9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Malware
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /2.js HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Mar 2023 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6401c5a0-1322"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/common_smt.css
199.167.138.75 200 OK 2.7 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/common_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (10295), with no line terminators
Hash d0927936c38bfcd930ca3da5e3c52ee5
4a8b8ad3ad04e9f64f869a835a98140af50db2ec
2aeb6dec6853b6defb556ff554d1af44ecda6e43600cfcad62867a7a2833dbeb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-2839"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/parts.css
199.167.138.75 200 OK 460 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/parts.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (460), with no line terminators
Hash e00eaa3e7d77d4e20ddf0474a2fb6f29
fc6083084099010bd8ff85ac030a0e8dfe546df3
888c0ace157d7afb5bc31a14f45892880dd9df7a9ff7fc664e36edf413b95523
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 460
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-1cc"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/header_smt.css
199.167.138.75 200 OK 4.1 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/header_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash a36d01f2f8d693c5c0a054f807c180cf
7cfe2395344f2fdf1750a470369921187bdd8655
310614b9193a3a6423407d04b0ac36d46e9c3907973d687b9452370c8b807450
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 03:42:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405611a-4523"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/footer_smt.css
199.167.138.75 200 OK 1.8 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/footer_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (6309), with no line terminators
Hash 843e7c6c055493afb4ad28904f9fd86c
a2270b1eb98446c961f0dec5a2b26b0ff622a1f6
e9a9e847a9d04c9b2869916c5aa1a2e830463ca28350a5a417a029fff3b201fc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/footer_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-18b9"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/parts_smt.css
199.167.138.75 200 OK 12 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/parts_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (57426), with no line terminators
Hash ff1cb1d0787b0bec22ed7b8b043100b4
11e0eb3d35e94aad982f5bd35869504e115eb679
992c3c568b3258263703649984f31a487b5a25d0698e6c606b851e435a9058d2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-e056"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 87240d30a67f0737530bc26979e7d69d
e5c6d183c4c72377a896a6c6870a22ba59ff110e
47fecdf69d4c7f69f2c63be831c5bc2425b983987925278e44bfa8e62830c9c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47FECDF69D4C7F69F2C63BE831C5BC2425B983987925278E44BFA8E62830C9C2"
Last-Modified: Fri, 24 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10200
Expires: Fri, 24 Mar 2023 22:35:49 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive
xdoakgvnvc.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
199.167.138.75 200 OK 115 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type assembler source, Unicode text, UTF-8 text, with very long lines (562), with CRLF, LF line terminators
Size 115 kB (114640 bytes)
Hash 54598c23fa78de05f6527eed7fa80ed1
7085981e4eb347229902592d30938ca8afd2173c
e98998c04d029654b75d8b37747be6e462e92b4f91d9cfee6682f84c0677bc9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-de4ea"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/header_branding_smt.css
199.167.138.75 200 OK 846 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/header_branding_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash a361c29b4c965358cde21dc4e9305dcc
819bbc08ba6f276426d44065f6d2c64f4984fe89
c712b74e16642d38fe20458cb5b166408345b2ef195c611d0b3862deee6fc1aa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_branding_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 846
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-34e"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/header_banner_smt.css
199.167.138.75 200 OK 655 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/header_banner_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (1883), with no line terminators
Hash 032a9ee46864dbe108b7bba2b6871471
d1ddc8b64b623190429eda145c6650492917403e
82081cc7ef7b6c07a1053633ae29a647ad3b92b10360dd7c10379f6a782ad55e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_banner_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-75b"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/dynavi_smt.css
199.167.138.75 200 OK 694 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/dynavi_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash c7e1ee0df3ac5772ea986fa4f8ecdebb
7d20151c9d567ada03df72c00e2f86fc89748eb1
e1bce97a9478d60f3ab8029dee7bfbba9731a6c72daddead66fc923faac48c60
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/dynavi_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-6f5"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/chat_tool_smt.css
199.167.138.75 200 OK 2.8 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/chat_tool_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 37aaa7f5615d074bc553efd229e73e86
b7bdf072c7b46e3db234e5dec0792538d3e7a533
bc7a8fe2846adb6fea1d26b69443cd1abbd622bbd073e7b445fa46342dc3f7a2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/chat_tool_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-27ad"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 19:17:23 GMT
age: 1706
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
xdoakgvnvc.duckdns.org/statica/add_modules_smt.css
199.167.138.75 200 OK 1.3 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/add_modules_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 1c72c54c8c25879029967d3b1bdcd731
d99e365e83b8a9d9b9a24afe567b6650e45dc9e7
043840fba7b9eba375430a5d4c25eca76e78bfac591a7069a255716d75852140
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/add_modules_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-11fd"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/parts_smt-v2-btn.css
199.167.138.75 200 OK 592 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/parts_smt-v2-btn.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash e63ea98f8d1d1bfb1c7f4fbf7ec29ddc
4756a4950b86b3ac17cca82ce5df9107354fe09b
a36dfbd6e559511bf92a90434c1084b55e187b2dcbf18b2373add5e907f11e9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2-btn.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 592
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-250"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/osp_parts_ex_smt.css
199.167.138.75 200 OK 1.1 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/osp_parts_ex_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4454), with no line terminators
Hash 2c1d9b4379f5d13dec96a1b31c2c8d8d
4ffc40dde93db4259381bb655236a5a48bd94f4d
e27b999510bd8ad3f0f6dc0525d2a83b888ccdf2e3fc85329f73f7a38920d015
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/osp_parts_ex_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-1166"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/new_footer_user_assessment_log.css
199.167.138.75 200 OK 1.8 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/new_footer_user_assessment_log.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (9069), with no line terminators
Hash 3266b365ae2e86e1c4b91925158a6ea0
e1785a5abdc9c771fd06045dd45ec595973ac981
48532e50ca8e1536424163ed9bb676d118a54cb455763165ee1a330f63ad3998
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/new_footer_user_assessment_log.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-236d"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/font.css
199.167.138.75 200 OK 224 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/font.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9e271e79969e236d11e5d6c330a27e4c
f3228388293e37e68c505d8675a7424e48f83c92
49ecd30e8a9dcb12ef68f5924d107e7b36a0b5cff4ff85c5bace3e53a2c18390
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/font.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 224
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-e0"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kY9XGPNA2+Xxwj8hu6bBnw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cQJSIDT+FUpl1YDzRwtYExzQ5pw=
Date: Fri, 24 Mar 2023 19:45:50 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xdoakgvnvc.duckdns.org/statica/slick.css
199.167.138.75 200 OK 1.4 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/slick.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (4948), with no line terminators
Hash 88b54e9bef8c3f14fa0081cfd81c2ee9
f37ba369a45a01e0671140504acddb4ef6890785
b0aa74dcf071abf7dc9ea273e9ba06a6731225cbf30d5b171c4ef28cabac3476
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/slick.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-135c"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/index_smt.css
199.167.138.75 200 OK 1.2 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/index_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 19709a1db45f457eaae000605a66c81b
49107bd2722d4b8a63cf89f911bcec873295d5cd
3d167140b32d1b80d641a51114a3f70c1ca070efa26336b8327d371ab2fdf2c0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/index_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef6-1025"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/l3-base.css
199.167.138.75 200 OK 6.4 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/l3-base.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (41105), with CRLF line terminators
Hash 97abe39b078280fdeac27588893a4184
15d5b284fd065a14aa3dd6c1ef3e1240ff84bbb3
d7d0922c62255f3cb0142c19e6724e3bdae800c9e6d3d5050d5720a610d20ce7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3-base.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-a093"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
199.167.138.75 200 OK 45 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (8432)
Hash d08aa4e09fbd9fc0e4b37cd033bff0be
d88de5246609ba1a9de33e3c9c3c291bc1191a1c
23be5f5acea35bb353d55b7bc4055a664c40972cc4082c253cf843453481eb06
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640566f2-6bf0e"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/style.css
199.167.138.75 200 OK 9.1 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/style.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash c11a448cf6d6782004873cbd74bcb3c6
97b3b4dbc45777cfee7df6c52ded36f739909c6b
ee93089b021892132b602ee8fbe29753d23111de8e7f7c14d0b5747e714f1a2d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/style.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64056790-f213"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/rf2-style.css
199.167.138.75 200 OK 8.3 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/rf2-style.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (37237)
Hash 7d756a6c2884ef06889eb91355f6548a
2e4c1667f6243e63e5bcca8e81416d0e8bfb6506
a7961973c41d4bb9c92e7213db5708b2a176c74097abffe6512aeda20322e25c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/rf2-style.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6e-91d6"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/header_dpoint_area.css
199.167.138.75 200 OK 2.0 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/header_dpoint_area.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash d2d019a46a5af2d55d12762ca9c52311
dcf6961dc5c9f240577d9087ece402c36fb456ae
2c48ae8127ffedd014586e15746ad32037e043a822e3e71646b41521f7cc8d4e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_dpoint_area.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faefe-2472"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/index/common1.css
199.167.138.75 200 OK 734 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/common1.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
Hash dee10f0aebfbcff35bfd219678bb42d2
007221fb5e14cf49a68a825829ad0cf7dcf9d3c1
fe095b5438bf3dec091300675825326599067866d735410fcf9d05ca8d084a34
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/common1.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 734
Last-Modified: Mon, 06 Mar 2023 07:43:54 GMT
Connection: keep-alive
ETag: "640599ba-2de"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/1.js
199.167.138.75 200 OK 2.4 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/1.js
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
Hash 02ffef9274ad266daf86135590207648
97511eb0f9946b7f24b4eb0056ea424a22d039f4
518dffabe0fbd648363e37926e18b8070c26008c7fc9b6eb241a7abe899bdabc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Malware
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /1.js HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 Mar 2023 10:02:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640c51ae-1322"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/l3.css
199.167.138.75 200 OK 58 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/l3.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (65536), with no line terminators
Hash 30ba2bd45c9c1f382f477bb670a2938c
8433af88f080303a8fe4a52ddb25cfe515aa23e1
3c57efc25b49e7511e4f922301f598bb3982e030d6d599387b9dc75954380f35
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-9bab0"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
xdoakgvnvc.duckdns.org/statica/logo.png
199.167.138.75 200 OK 6.9 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/logo.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 514 x 143, 8-bit/color RGBA, non-interlaced
Hash ef6107ae35cb87273f441b64e82b6812
821cdfb9557e2bfdc8b418c0262202c563c31a08
e84d143f6e0cb21750db23f618ebd3b9514e5b7073cfb6bd94533a0aa2fb2ed8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 6850
Last-Modified: Mon, 06 Mar 2023 04:19:00 GMT
Connection: keep-alive
ETag: "640569b4-1ac2"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/7.jpg
199.167.138.75 200 OK 124 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/7.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1872, components 3
Size 124 kB (123911 bytes)
Hash b1cd37bcabd72297a68bf6cfe764de4c
6c035767206f56e4efd46f65cec33d0fdfa73fd2
740f089d5e66c85349e6385bd7e8e40e62dbc5423597edd79ecc0c06f65e7373
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/7.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 123911
Last-Modified: Mon, 06 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "6405aef6-1e407"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/5.jpg
199.167.138.75 200 OK 138 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/5.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2104, components 3
Size 138 kB (138352 bytes)
Hash 5b02a1521c7f166523443e0fae46dac6
084af4802b306557f667a5b316a1ec0ab33d0cde
17a10afca574e2f527f6889db45c69a2bdf3fa6a9820e5f06d6966a723049179
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/5.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 138352
Last-Modified: Mon, 06 Mar 2023 09:13:08 GMT
Connection: keep-alive
ETag: "6405aea4-21c70"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/images_osp/common/spacer.gif
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/images_osp/common/spacer.gif
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/spacer.gif HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/common.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
xdoakgvnvc.duckdns.org/index/1.png
199.167.138.75 200 OK 180 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/1.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 358 x 738, 8-bit/color RGBA, non-interlaced
Size 180 kB (179864 bytes)
Hash 29a6f30386d344e0efcc14770d0d1d8c
106b1a96e74148d4ace4770a6daad86c4e834f3b
66456f7cba88c621661a9e99a892a98657ff9f863598307500d53dcdd82b9235
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/1.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 179864
Last-Modified: Mon, 06 Mar 2023 07:42:22 GMT
Connection: keep-alive
ETag: "6405995e-2be98"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/logo2.png
199.167.138.75 200 OK 51 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/logo2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced
Hash c2f9b38d71fa659a844a1b2aa8f59ea6
16162794ffa73014af78b6d4bf5767e49e624ce3
c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 51082
Last-Modified: Sat, 04 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "64030bf6-c78a"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_olt.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
xdoakgvnvc.duckdns.org/statica/1.jpg
199.167.138.75 200 OK 119 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/1.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2094, components 3
Size 119 kB (118591 bytes)
Hash 133901678896931f743ef2d1898a28b8
861d7acdcf76447abaa0f5f9435714fb0770fb70
eb34cf472d517648b90bd22fba5156923836fb5b98a62cbb3024f206a93433cc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/1.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 118591
Last-Modified: Mon, 06 Mar 2023 09:11:04 GMT
Connection: keep-alive
ETag: "6405ae28-1cf3f"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_window03_v2.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_window03_v2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
xdoakgvnvc.duckdns.org/statica/2.jpg
199.167.138.75 200 OK 158 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/2.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2129, components 3
Size 158 kB (157972 bytes)
Hash c4181b57111ba6ae847eb865cf7ca451
9eb56efd39dc96af60a119b134ec9b46b6a1e80d
c6cc0292bd3c15dd2b46d90cce3258f4a88224547cb5a5077b404d036b381db9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/2.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 157972
Last-Modified: Mon, 06 Mar 2023 09:11:02 GMT
Connection: keep-alive
ETag: "6405ae26-26914"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/print.css
199.167.138.75 200 OK 50 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/print.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with no line terminators
Hash 8f05cb9cbc138924e9f3d185685ecf69
5d38247ec1bfc2d2cdbb58502f6223641c5ea1e5
480886529ebec4ab974b93a8a0bc79f88d561120fda947a3b9c2aeaff8d11a71
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/print.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 50
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-32"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/index/5.png
199.167.138.75 200 OK 8.0 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/5.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 618x119, components 3
Hash cec083eb37249a1a1ce260600693308e
e739396204fb0a67470e71198484879fe74ec828
c031d56a3182f5025196304b980c0ffe50c3a32cae57148b809cdd06c3b4e451
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/5.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 8029
Last-Modified: Mon, 06 Mar 2023 08:31:12 GMT
Connection: keep-alive
ETag: "6405a4d0-1f5d"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/index/4.png
199.167.138.75 200 OK 15 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/4.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 345 x 144, 8-bit/color RGBA, non-interlaced
Hash 57eba58913d5c25bfe947a19b626a1b1
c0ecca5c2b7373bf2bb63212dab1e7a09fee13ff
07deff8533cfa96cb4402aa4f3591ad6011301d89dfcf50cc8112ed4432314ec
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/4.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 14757
Last-Modified: Sat, 04 Mar 2023 09:07:26 GMT
Connection: keep-alive
ETag: "64030a4e-39a5"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/index/3.png
199.167.138.75 200 OK 44 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/3.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 996x303, components 3
Hash 02d2e385d6c4d7e75ff925a7915282d5
665f598c06b062aa6fe35d4008ee228dab365dab
a68040728bae6e61ad244955677d3b00d8f1fc63af5d869efb1ae01365d83bf2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/3.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 44107
Last-Modified: Mon, 06 Mar 2023 08:28:57 GMT
Connection: keep-alive
ETag: "6405a449-ac4b"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/4.jpg
199.167.138.75 200 OK 108 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/4.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3
Size 108 kB (108146 bytes)
Hash c7103846b240db4c449ca632246fc3de
c4653a081ded64797cb3c53bd3449e171571fa50
3c77e423b78ac676aa2de3bfe1e51813fcfaea7975a3a206e82f25b98c61c305
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/4.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 108146
Last-Modified: Mon, 31 Oct 2022 09:25:12 GMT
Connection: keep-alive
ETag: "635f9478-1a672"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/index/2.png
199.167.138.75 200 OK 113 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/index/2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 851 x 295, 8-bit/color RGBA, non-interlaced
Size 113 kB (113029 bytes)
Hash ae1ce68b80e291b2486c2f3b609ec3fc
1841dae5a2ec1248d630e05c7069f06b41d35939
17b7563c46fbac734241c73330707a3dba9ede3341470a52a66965d159dada97
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 113029
Last-Modified: Mon, 06 Mar 2023 08:11:03 GMT
Connection: keep-alive
ETag: "6405a017-1b985"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/statica/6.jpg
199.167.138.75 200 OK 122 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/6.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1863, components 3
Size 122 kB (121592 bytes)
Hash cb0b9e48faa29bbfcdf5cc35f1696465
b961c9a4ef305c03131e9fe7dc70ae0245596202
66caac7d73c97b165ba3773c501546beb569529a6beb2b163aae12046a0cd4fa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/6.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: image/jpeg
Content-Length: 121592
Last-Modified: Mon, 06 Mar 2023 09:11:31 GMT
Connection: keep-alive
ETag: "6405ae43-1daf8"
Expires: Sun, 23 Apr 2023 19:45:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_contract_cnf.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
xdoakgvnvc.duckdns.org/statica/3.jpg
199.167.138.75 200 OK 188 kB URL HTTP/1.1 xdoakgvnvc.duckdns.org/statica/3.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3
Size 188 kB (188531 bytes)
Hash f1ebd37f4327ecafb79d418b055f059f
ae48973ef810b2e3624abb92b69807898017d593
3ed0fd3a419ef64bf46f9a2243664d4e6996ea656ecf00859444b7504afb5651
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/3.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 188531
Last-Modified: Mon, 31 Oct 2022 09:25:10 GMT
Connection: keep-alive
ETag: "635f9476-2e073"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xdoakgvnvc.duckdns.org/favicon.ico
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 xdoakgvnvc.duckdns.org/favicon.ico
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /favicon.ico HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: V_1L8vYf9-uS_-cGgsCstGC__IYpLZjEa0gOlsYgYOWwNJxxXJo83g==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 22:00:02 GMT
age: 78349
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash f46d765cbcbbcd9707a21eec12d80002
d9bab36f53de76263a67bc34364e33bed28d35cd
772e85ac55db0fc3ca75329e0197c7caeff466e90b5cf85df7ccb44a85a253f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4438
x-amzn-requestid: ce3cbb97-2a19-4499-8ab7-18cf5f99b5ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK85SG3_oAMFQcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa83b-2750db5d028ac4ac54a865f8;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: g2zDwH5nxCiFG_YS52KdAMx-7NonVOLx79SnmvLWr5szWNv0EtBGEQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 13:46:13 GMT
age: 21578
etag: "d9bab36f53de76263a67bc34364e33bed28d35cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 04db6085e8ec938c1385fb33b32ae036
0f173b8971723ec380a9610b3dda8f64890f6f37
873d5942c34057339f7a9c53a9d4cdc3a0b82f01223f851898da0ebbe0a628bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7482
x-amzn-requestid: 843e4bba-1550-44c4-be10-dd333148f83d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHxFuuIAMFvmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-03f5d2675850409e70748490;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i3f56KYdhzWqiBtE9-vSMBC17mWa0qZfxQb3AmHcNvApYKse8O3DdQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:56:06 GMT
age: 78585
etag: "0f173b8971723ec380a9610b3dda8f64890f6f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 9bb55b1044454d0db2324a4af956cd51
5aa34545aa2274453b301c74a083034273177cbd
fb7fa8b91ff7374ac6be2df05e1e98194f2adf3ce728b02a66323993145975ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7405
x-amzn-requestid: 9865b715-ff9b-498d-95b3-c728fd3430be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt7E46oAMF1Fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-78b66faf317a7aaf689de782;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: EI1picNm6z4XmZxnCmqbdZv4ok9AqXNvYGy8CtENrRkWLuuLUuETlg==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
etag: "5aa34545aa2274453b301c74a083034273177cbd"
content-type: image/jpeg
age: 79352
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 3d6ed667dad0c17b3f1697f6ad5f1dd2
9eff2b1900bc9788dfbff11fce69cc7c944b1fc1
ec0f7b928c7efd46d2679477acd9f3bf0b335f31b9739c4e925b23bd5cd16a05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8385
x-amzn-requestid: 70d658a2-706c-428d-b232-d4a343556e55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8IUHv7IAMF8BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73ce-4288c6f05be90c543a5adb5a;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:58 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 00pLSzTvmnnvhdLG4rOtVPVM_F2rfQXus98AyXsY129ejW-1Y-UblQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 01:36:32 GMT
age: 65359
etag: "9eff2b1900bc9788dfbff11fce69cc7c944b1fc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vOBDFA2LzOIp_0dMXApotrithfiToWtpM2xMRyx1pWAE86olKT6EpQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 02:36:43 GMT
age: 61748
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
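The transaction records above support three cheap consistency checks a triage analyst would run over a capture like this: whether the declared Content-Type agrees with the body's magic bytes (the xdoakgvnvc.duckdns.org /index/5.png and /index/3.png responses are served as image/png but the file-type scan identifies JPEG data), whether an ETag that looks like a hex digest really is the digest of the body (the r3.o.lencr.org OCSP responder's ETag is the upper-cased SHA-256 of its response, and the img-getpocket.cdn.mozilla.net ETags equal the SHA-1 of each image), and whether the host sits under a dynamic-DNS provider, which is what the Suricata ET INFO rule keyed on. The Python below is an added example and is not part of the urlquery report or of any analyzer shown in it. The bodies it feeds in are constructed stand-ins that carry only the right leading bytes, not the captured files, and the dynamic-DNS suffixes other than duckdns.org are an assumption added to show the check generalises.

```python
import hashlib
import re

# Magic-byte prefixes for the two image types that appear in the capture.
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
}

# duckdns.org is the suffix the Suricata rule fired on; the other two are an
# assumption added here so the check is not tied to one provider.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net")

# An ETag that is a bare 40- or 64-digit hex string is treated as SHA-1/SHA-256.
HEX_DIGEST = re.compile(r"[0-9a-f]{40}|[0-9a-f]{64}")


def sniff_mime(body: bytes):
    """Return the MIME type implied by the leading magic bytes, or None."""
    for magic, mime in MAGIC.items():
        if body.startswith(magic):
            return mime
    return None


def triage(host: str, content_type: str, body: bytes, etag: str = None):
    """Return a list of findings for one captured HTTP transaction."""
    findings = []

    if host.lower().endswith(DYNDNS_SUFFIXES):
        findings.append("dyndns-host")

    declared = content_type.split(";")[0].strip().lower()
    sniffed = sniff_mime(body)
    if sniffed is not None and sniffed != declared:
        findings.append(f"content-type-mismatch:{declared}->{sniffed}")

    if etag:
        tag = etag.strip('"').lower()
        if HEX_DIGEST.fullmatch(tag):
            algo = hashlib.sha1 if len(tag) == 40 else hashlib.sha256
            if algo(body).hexdigest() == tag:
                findings.append("etag-is-body-digest")
            else:
                findings.append("etag-digest-mismatch")

    return findings


# Constructed stand-ins shaped like bodies in the report (not the real files).
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 32
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
FAKE_OCSP = b"\x30\x82\x01\xf3\x0a\x01\x00" + b"\x00" * 32


def run_examples():
    """Triage three constructed records modelled on entries in the report."""
    return {
        # /index/5.png: declared image/png, JPEG magic, dynamic-DNS host;
        # the nginx inode-style ETag is not a digest, so it is ignored.
        "index/5.png": triage("xdoakgvnvc.duckdns.org", "image/png", FAKE_JPEG,
                              '"6405a4d0-1f5d"'),
        # /index/4.png: declared image/png and genuinely PNG.
        "index/4.png": triage("xdoakgvnvc.duckdns.org", "image/png", FAKE_PNG),
        # OCSP response whose ETag is the upper-cased SHA-256 of the body.
        "ocsp": triage("r3.o.lencr.org", "application/ocsp-response", FAKE_OCSP,
                       '"' + hashlib.sha256(FAKE_OCSP).hexdigest().upper() + '"'),
    }


if __name__ == "__main__":
    for name, findings in run_examples().items():
        print(name, findings)
```

The Content-Type check only fires when the magic bytes positively identify a known type, so text and DER bodies fall through silently; a mismatch on an image path is worth a second look because it usually means the file was renamed or the server's MIME map is wrong, and a digest-shaped ETag that fails to match the body is a sign of a modified or truncated capture.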