Report - xdoakgvnvc.duckdns.org/

Report Overview

Submitted URL
xdoakgvnvc.duckdns.org/
IP
199.167.138.75
ASN
#15162 NETMINDERS-SERVER-HOSTING
Submitted
2023-03-24 19:46:00
Access
public
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
55
Network Intrusion Detection
58
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	3.0 kB	8.0 kB	23.36.77.32
xdoakgvnvc.duckdns.org	unknown	2023-03-24T14:09:57Z	2023-03-24T16:30:17Z	20 kB	1.7 MB	199.167.138.75
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	238 B	34.117.65.55
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	48 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-24 19:46:00	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-24 19:46:00	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-24 19:46:00	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:00	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:01	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-24 19:46:02	medium	Client IP	199.167.138.75	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-24	medium	xdoakgvnvc.duckdns.org/	Malware
2023-03-24	medium	xdoakgvnvc.duckdns.org/2.js	Malware
2023-03-24	medium	xdoakgvnvc.duckdns.org/1.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	xdoakgvnvc.duckdns.org/1.js	4.9 kB	2023-03-26	2023-03-29
Pretty URL xdoakgvnvc.duckdns.org/1.js IP 199.167.138.75 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:48:20 Last Seen2023-03-29 23:11:46 Times Seen33 Hash c5208d5e870b61a00ac02f58c8237491 ac2e590e53e9f64723fada6e7f10ca5a97891569 936b4c4ac3c2c2d86d4aa7a07edbb86986253e4cad33c9d95d9fdc745197925c Loading...

	xdoakgvnvc.duckdns.org/2.js	4.9 kB	2023-03-14	2023-03-29
Pretty URL xdoakgvnvc.duckdns.org/2.js IP 199.167.138.75 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 19:24:45 Last Seen2023-03-29 23:11:46 Times Seen34 Hash 58595bc88dd362941bc44fe5a35e11ba fa7ff271597f3b8bbfb2d074b243ede3b69be2d1 415e4406137478f757e371d598c6a35611823cb36b19855ad34216ece2aeb235 Loading...

	xdoakgvnvc.duckdns.org/	234 B	2023-03-14	2023-03-29
Pretty URL xdoakgvnvc.duckdns.org/ IP 199.167.138.75 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 19:24:45 Last Seen2023-03-29 23:11:46 Times Seen34 Hash 5969091fe3ae41b028fbbcd3e0459cd0 51dc941435921449d6ccd155c6b8cf130e83b58b ef4d09ec48eacdd67f556babbfccfce692ec512ec4b756064f15687a7ed805b2 Loading...

HTTP Transactions (74)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13946
Expires: Fri, 24 Mar 2023 23:38:15 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive

xdoakgvnvc.duckdns.org/

199.167.138.75

200 OK

2.7 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.7 kB (2677 bytes)
Hash
dfb42051ef48382e452306aa902fb81b
e82c224d66ee820c00f055d6a3e12b6162cbd45c
bae3408a02743ed4dc1767c0b03b474996ce922175c02ae53373faa577df5cf3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/html
Last-Modified: Mon, 06 Mar 2023 09:22:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405b0db-2dbd"
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9025
Expires: Fri, 24 Mar 2023 22:16:14 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7637
Expires: Fri, 24 Mar 2023 21:53:06 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 19:15:17 GMT
content-type: application/json
age: 1832
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sTk1GpAGtUKRQ00tQoZysdM4BE30vBjezFdn99F6OYv0yaFvurUBlrumHNZGpueaUifqauZF0Zs=
x-amz-request-id: C7BGDJFT9BP633Z8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 18:54:37 GMT
age: 3072
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 19:45:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

xdoakgvnvc.duckdns.org/index/patch.css

199.167.138.75

200 OK

103 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/patch.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with CRLF line terminators
Size
103 B (103 bytes)
Hash
9fb36388079d1c1bcacf56a90667c2b7
34b6de188790e1966c7b7773a3267c9c476506fb
aa85e2bfb22009a9794ce022df9bfcd89a185078bab1d8d5bbe65c9cbe5ce2cb

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/patch.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 103
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Connection: keep-alive
ETag: "634fdab0-67"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/index/autop2022.css

199.167.138.75

200 OK

12 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/autop2022.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
12 kB (11961 bytes)
Hash
f1f175ba60778d6c5edc6810a383f093
f3081243b57871612536be750fcc0d65cd88a3b3
4f891d9203c8ad76ee6172b4a479776de4ef4e983994401954950d4bb0cb1996

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/autop2022.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:17:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdcce-10597"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/index/floating_bnr.css

199.167.138.75

200 OK

1.4 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/floating_bnr.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
1.4 kB (1441 bytes)
Hash
193d7f2e6dcd5d6b9e4d5b63e011f654
7c0ba3256ec449b6c8b09b91a26ef0bd0fd7da4b
14ab9a46560e9dd39cd5ee2261463b5b08b96ced4a690b833fe9f8ad57b8c398

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/floating_bnr.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-1066"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/web_font.css

199.167.138.75

200 OK

659 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/web_font.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text
Size
659 B (659 bytes)
Hash
44afde52eb764fb8dc3bdc93fa5bc5de
2ba406581c1ec0adc6ea7d38a30e034b33ba50d3
7063c94b5d36c1dd766ee9b4988a6aaaa4646172d15e6fa79d1ab2927a9b7885

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/web_font.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-60b"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/common.css

199.167.138.75

200 OK

757 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/common.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (1310), with no line terminators
Size
757 B (757 bytes)
Hash
e02bbaac73c3252d7ce5a435be84b161
47837f273a056846417d6a3bbe6afbdcda6eebd8
3ab34e599d64d5d3fc91d4e767bbb417b15d443f5fa27b57d1b8ab6f2246c4d4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/common.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-532"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/2.js

199.167.138.75

200 OK

2.4 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/2.js
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (4898), with no line terminators
Size
2.4 kB (2384 bytes)
Hash
329721f20b80af5fb1280099bddaac27
688f423b54134281a440627a7908e69eb1689251
f7a4acf7f43557ae3c016efc567b7a6ba4e8570d7bf38084b13dc5816805b2a9

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /2.js HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Mar 2023 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6401c5a0-1322"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/common_smt.css

199.167.138.75

200 OK

2.7 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/common_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (10295), with no line terminators
Size
2.7 kB (2652 bytes)
Hash
d0927936c38bfcd930ca3da5e3c52ee5
4a8b8ad3ad04e9f64f869a835a98140af50db2ec
2aeb6dec6853b6defb556ff554d1af44ecda6e43600cfcad62867a7a2833dbeb

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/common_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-2839"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/parts.css

199.167.138.75

200 OK

460 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/parts.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (460), with no line terminators
Size
460 B (460 bytes)
Hash
e00eaa3e7d77d4e20ddf0474a2fb6f29
fc6083084099010bd8ff85ac030a0e8dfe546df3
888c0ace157d7afb5bc31a14f45892880dd9df7a9ff7fc664e36edf413b95523

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/parts.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 460
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-1cc"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/header_smt.css

199.167.138.75

200 OK

4.1 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/header_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
4.1 kB (4075 bytes)
Hash
a36d01f2f8d693c5c0a054f807c180cf
7cfe2395344f2fdf1750a470369921187bdd8655
310614b9193a3a6423407d04b0ac36d46e9c3907973d687b9452370c8b807450

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/header_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 03:42:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405611a-4523"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/footer_smt.css

199.167.138.75

200 OK

1.8 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/footer_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (6309), with no line terminators
Size
1.8 kB (1753 bytes)
Hash
843e7c6c055493afb4ad28904f9fd86c
a2270b1eb98446c961f0dec5a2b26b0ff622a1f6
e9a9e847a9d04c9b2869916c5aa1a2e830463ca28350a5a417a029fff3b201fc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/footer_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-18b9"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/parts_smt.css

199.167.138.75

200 OK

12 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/parts_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (57426), with no line terminators
Size
12 kB (11983 bytes)
Hash
ff1cb1d0787b0bec22ed7b8b043100b4
11e0eb3d35e94aad982f5bd35869504e115eb679
992c3c568b3258263703649984f31a487b5a25d0698e6c606b851e435a9058d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/parts_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-e056"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
87240d30a67f0737530bc26979e7d69d
e5c6d183c4c72377a896a6c6870a22ba59ff110e
47fecdf69d4c7f69f2c63be831c5bc2425b983987925278e44bfa8e62830c9c2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47FECDF69D4C7F69F2C63BE831C5BC2425B983987925278E44BFA8E62830C9C2"
Last-Modified: Fri, 24 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10200
Expires: Fri, 24 Mar 2023 22:35:49 GMT
Date: Fri, 24 Mar 2023 19:45:49 GMT
Connection: keep-alive

xdoakgvnvc.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css

199.167.138.75

200 OK

115 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
assembler source, Unicode text, UTF-8 text, with very long lines (562), with CRLF, LF line terminators
Size
115 kB (114640 bytes)
Hash
54598c23fa78de05f6527eed7fa80ed1
7085981e4eb347229902592d30938ca8afd2173c
e98998c04d029654b75d8b37747be6e462e92b4f91d9cfee6682f84c0677bc9f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-de4ea"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/header_branding_smt.css

199.167.138.75

200 OK

846 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/header_branding_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
846 B (846 bytes)
Hash
a361c29b4c965358cde21dc4e9305dcc
819bbc08ba6f276426d44065f6d2c64f4984fe89
c712b74e16642d38fe20458cb5b166408345b2ef195c611d0b3862deee6fc1aa

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/header_branding_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Content-Length: 846
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-34e"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/header_banner_smt.css

199.167.138.75

200 OK

655 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/header_banner_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (1883), with no line terminators
Size
655 B (655 bytes)
Hash
032a9ee46864dbe108b7bba2b6871471
d1ddc8b64b623190429eda145c6650492917403e
82081cc7ef7b6c07a1053633ae29a647ad3b92b10360dd7c10379f6a782ad55e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/header_banner_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-75b"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/dynavi_smt.css

199.167.138.75

200 OK

694 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/dynavi_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
694 B (694 bytes)
Hash
c7e1ee0df3ac5772ea986fa4f8ecdebb
7d20151c9d567ada03df72c00e2f86fc89748eb1
e1bce97a9478d60f3ab8029dee7bfbba9731a6c72daddead66fc923faac48c60

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/dynavi_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-6f5"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/chat_tool_smt.css

199.167.138.75

200 OK

2.8 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/chat_tool_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
2.8 kB (2782 bytes)
Hash
37aaa7f5615d074bc553efd229e73e86
b7bdf072c7b46e3db234e5dec0792538d3e7a533
bc7a8fe2846adb6fea1d26b69443cd1abbd622bbd073e7b445fa46342dc3f7a2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/chat_tool_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-27ad"
Expires: Sat, 25 Mar 2023 07:45:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:49 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 19:17:23 GMT
age: 1706
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

xdoakgvnvc.duckdns.org/statica/add_modules_smt.css

199.167.138.75

200 OK

1.3 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/add_modules_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text
Size
1.3 kB (1323 bytes)
Hash
1c72c54c8c25879029967d3b1bdcd731
d99e365e83b8a9d9b9a24afe567b6650e45dc9e7
043840fba7b9eba375430a5d4c25eca76e78bfac591a7069a255716d75852140

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/add_modules_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-11fd"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/parts_smt-v2-btn.css

199.167.138.75

200 OK

592 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/parts_smt-v2-btn.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
592 B (592 bytes)
Hash
e63ea98f8d1d1bfb1c7f4fbf7ec29ddc
4756a4950b86b3ac17cca82ce5df9107354fe09b
a36dfbd6e559511bf92a90434c1084b55e187b2dcbf18b2373add5e907f11e9f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/parts_smt-v2-btn.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 592
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-250"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/osp_parts_ex_smt.css

199.167.138.75

200 OK

1.1 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/osp_parts_ex_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (4454), with no line terminators
Size
1.1 kB (1059 bytes)
Hash
2c1d9b4379f5d13dec96a1b31c2c8d8d
4ffc40dde93db4259381bb655236a5a48bd94f4d
e27b999510bd8ad3f0f6dc0525d2a83b888ccdf2e3fc85329f73f7a38920d015

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/osp_parts_ex_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-1166"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/new_footer_user_assessment_log.css

199.167.138.75

200 OK

1.8 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/new_footer_user_assessment_log.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (9069), with no line terminators
Size
1.8 kB (1847 bytes)
Hash
3266b365ae2e86e1c4b91925158a6ea0
e1785a5abdc9c771fd06045dd45ec595973ac981
48532e50ca8e1536424163ed9bb676d118a54cb455763165ee1a330f63ad3998

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/new_footer_user_assessment_log.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-236d"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/font.css

199.167.138.75

200 OK

224 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/font.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
224 B (224 bytes)
Hash
9e271e79969e236d11e5d6c330a27e4c
f3228388293e37e68c505d8675a7424e48f83c92
49ecd30e8a9dcb12ef68f5924d107e7b36a0b5cff4ff85c5bace3e53a2c18390

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/font.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 224
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-e0"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kY9XGPNA2+Xxwj8hu6bBnw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cQJSIDT+FUpl1YDzRwtYExzQ5pw=
Date: Fri, 24 Mar 2023 19:45:50 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xdoakgvnvc.duckdns.org/statica/slick.css

199.167.138.75

200 OK

1.4 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/slick.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (4948), with no line terminators
Size
1.4 kB (1403 bytes)
Hash
88b54e9bef8c3f14fa0081cfd81c2ee9
f37ba369a45a01e0671140504acddb4ef6890785
b0aa74dcf071abf7dc9ea273e9ba06a6731225cbf30d5b171c4ef28cabac3476

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/slick.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-135c"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/index_smt.css

199.167.138.75

200 OK

1.2 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/index_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
1.2 kB (1151 bytes)
Hash
19709a1db45f457eaae000605a66c81b
49107bd2722d4b8a63cf89f911bcec873295d5cd
3d167140b32d1b80d641a51114a3f70c1ca070efa26336b8327d371ab2fdf2c0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/index_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef6-1025"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/l3-base.css

199.167.138.75

200 OK

6.4 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/l3-base.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (41105), with CRLF line terminators
Size
6.4 kB (6432 bytes)
Hash
97abe39b078280fdeac27588893a4184
15d5b284fd065a14aa3dd6c1ef3e1240ff84bbb3
d7d0922c62255f3cb0142c19e6724e3bdae800c9e6d3d5050d5720a610d20ce7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/l3-base.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-a093"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css

199.167.138.75

200 OK

45 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (8432)
Size
45 kB (44804 bytes)
Hash
d08aa4e09fbd9fc0e4b37cd033bff0be
d88de5246609ba1a9de33e3c9c3c291bc1191a1c
23be5f5acea35bb353d55b7bc4055a664c40972cc4082c253cf843453481eb06

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/parts_smt-v2.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640566f2-6bf0e"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/style.css

199.167.138.75

200 OK

9.1 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/style.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
9.1 kB (9061 bytes)
Hash
c11a448cf6d6782004873cbd74bcb3c6
97b3b4dbc45777cfee7df6c52ded36f739909c6b
ee93089b021892132b602ee8fbe29753d23111de8e7f7c14d0b5747e714f1a2d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/style.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64056790-f213"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/rf2-style.css

199.167.138.75

200 OK

8.3 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/rf2-style.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text, with very long lines (37237)
Size
8.3 kB (8285 bytes)
Hash
7d756a6c2884ef06889eb91355f6548a
2e4c1667f6243e63e5bcca8e81416d0e8bfb6506
a7961973c41d4bb9c92e7213db5708b2a176c74097abffe6512aeda20322e25c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/rf2-style.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6e-91d6"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/header_dpoint_area.css

199.167.138.75

200 OK

2.0 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/header_dpoint_area.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Unicode text, UTF-8 text
Size
2.0 kB (2041 bytes)
Hash
d2d019a46a5af2d55d12762ca9c52311
dcf6961dc5c9f240577d9087ece402c36fb456ae
2c48ae8127ffedd014586e15746ad32037e043a822e3e71646b41521f7cc8d4e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/header_dpoint_area.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faefe-2472"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/index/common1.css

199.167.138.75

200 OK

734 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/common1.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with CRLF line terminators
Size
734 B (734 bytes)
Hash
dee10f0aebfbcff35bfd219678bb42d2
007221fb5e14cf49a68a825829ad0cf7dcf9d3c1
fe095b5438bf3dec091300675825326599067866d735410fcf9d05ca8d084a34

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/common1.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 734
Last-Modified: Mon, 06 Mar 2023 07:43:54 GMT
Connection: keep-alive
ETag: "640599ba-2de"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/1.js

199.167.138.75

200 OK

2.4 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/1.js
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (4898), with no line terminators
Size
2.4 kB (2385 bytes)
Hash
02ffef9274ad266daf86135590207648
97511eb0f9946b7f24b4eb0056ea424a22d039f4
518dffabe0fbd648363e37926e18b8070c26008c7fc9b6eb241a7abe899bdabc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /1.js HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 Mar 2023 10:02:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640c51ae-1322"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/l3.css

199.167.138.75

200 OK

58 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/l3.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with very long lines (65536), with no line terminators
Size
58 kB (57845 bytes)
Hash
30ba2bd45c9c1f382f477bb670a2938c
8433af88f080303a8fe4a52ddb25cfe515aa23e1
3c57efc25b49e7511e4f922301f598bb3982e030d6d599387b9dc75954380f35

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/l3.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-9bab0"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/KDDIto_faq_api_smt.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

xdoakgvnvc.duckdns.org/statica/logo.png

199.167.138.75

200 OK

6.9 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/logo.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
PNG image data, 514 x 143, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6850 bytes)
Hash
ef6107ae35cb87273f441b64e82b6812
821cdfb9557e2bfdc8b418c0262202c563c31a08
e84d143f6e0cb21750db23f618ebd3b9514e5b7073cfb6bd94533a0aa2fb2ed8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/logo.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 6850
Last-Modified: Mon, 06 Mar 2023 04:19:00 GMT
Connection: keep-alive
ETag: "640569b4-1ac2"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/7.jpg

199.167.138.75

200 OK

124 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/7.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1872, components 3\012- data
Size
124 kB (123911 bytes)
Hash
b1cd37bcabd72297a68bf6cfe764de4c
6c035767206f56e4efd46f65cec33d0fdfa73fd2
740f089d5e66c85349e6385bd7e8e40e62dbc5423597edd79ecc0c06f65e7373

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/7.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 123911
Last-Modified: Mon, 06 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "6405aef6-1e407"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/5.jpg

199.167.138.75

200 OK

138 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/5.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2104, components 3\012- data
Size
138 kB (138352 bytes)
Hash
5b02a1521c7f166523443e0fae46dac6
084af4802b306557f667a5b316a1ec0ab33d0cde
17a10afca574e2f527f6889db45c69a2bdf3fa6a9820e5f06d6966a723049179

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/5.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 138352
Last-Modified: Mon, 06 Mar 2023 09:13:08 GMT
Connection: keep-alive
ETag: "6405aea4-21c70"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/images_osp/common/spacer.gif

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/images_osp/common/spacer.gif
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images_osp/common/spacer.gif HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/common.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

xdoakgvnvc.duckdns.org/index/1.png

199.167.138.75

200 OK

180 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/1.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
PNG image data, 358 x 738, 8-bit/color RGBA, non-interlaced\012- data
Size
180 kB (179864 bytes)
Hash
29a6f30386d344e0efcc14770d0d1d8c
106b1a96e74148d4ace4770a6daad86c4e834f3b
66456f7cba88c621661a9e99a892a98657ff9f863598307500d53dcdd82b9235

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/1.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 179864
Last-Modified: Mon, 06 Mar 2023 07:42:22 GMT
Connection: keep-alive
ETag: "6405995e-2be98"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/logo2.png

199.167.138.75

200 OK

51 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/logo2.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced\012- data
Size
51 kB (51082 bytes)
Hash
c2f9b38d71fa659a844a1b2aa8f59ea6
16162794ffa73014af78b6d4bf5767e49e624ce3
c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/logo2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 51082
Last-Modified: Sat, 04 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "64030bf6-c78a"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_olt.png

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images_osp/common/ico/ico_conversion_olt.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

xdoakgvnvc.duckdns.org/statica/1.jpg

199.167.138.75

200 OK

119 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/1.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2094, components 3\012- data
Size
119 kB (118591 bytes)
Hash
133901678896931f743ef2d1898a28b8
861d7acdcf76447abaa0f5f9435714fb0770fb70
eb34cf472d517648b90bd22fba5156923836fb5b98a62cbb3024f206a93433cc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/1.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 118591
Last-Modified: Mon, 06 Mar 2023 09:11:04 GMT
Connection: keep-alive
ETag: "6405ae28-1cf3f"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_window03_v2.png

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_window03_v2.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

xdoakgvnvc.duckdns.org/statica/2.jpg

199.167.138.75

200 OK

158 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/2.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2129, components 3\012- data
Size
158 kB (157972 bytes)
Hash
c4181b57111ba6ae847eb865cf7ca451
9eb56efd39dc96af60a119b134ec9b46b6a1e80d
c6cc0292bd3c15dd2b46d90cce3258f4a88224547cb5a5077b404d036b381db9

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/2.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 157972
Last-Modified: Mon, 06 Mar 2023 09:11:02 GMT
Connection: keep-alive
ETag: "6405ae26-26914"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/print.css

199.167.138.75

200 OK

50 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/print.css
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
8f05cb9cbc138924e9f3d185685ecf69
5d38247ec1bfc2d2cdbb58502f6223641c5ea1e5
480886529ebec4ab974b93a8a0bc79f88d561120fda947a3b9c2aeaff8d11a71

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/print.css HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: text/css
Content-Length: 50
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-32"
Expires: Sat, 25 Mar 2023 07:45:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/index/5.png

199.167.138.75

200 OK

8.0 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/5.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 618x119, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
cec083eb37249a1a1ce260600693308e
e739396204fb0a67470e71198484879fe74ec828
c031d56a3182f5025196304b980c0ffe50c3a32cae57148b809cdd06c3b4e451

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/5.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 8029
Last-Modified: Mon, 06 Mar 2023 08:31:12 GMT
Connection: keep-alive
ETag: "6405a4d0-1f5d"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/index/4.png

199.167.138.75

200 OK

15 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/4.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
PNG image data, 345 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (14757 bytes)
Hash
57eba58913d5c25bfe947a19b626a1b1
c0ecca5c2b7373bf2bb63212dab1e7a09fee13ff
07deff8533cfa96cb4402aa4f3591ad6011301d89dfcf50cc8112ed4432314ec

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/4.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 14757
Last-Modified: Sat, 04 Mar 2023 09:07:26 GMT
Connection: keep-alive
ETag: "64030a4e-39a5"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/index/3.png

199.167.138.75

200 OK

44 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/3.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 996x303, components 3\012- data
Size
44 kB (44107 bytes)
Hash
02d2e385d6c4d7e75ff925a7915282d5
665f598c06b062aa6fe35d4008ee228dab365dab
a68040728bae6e61ad244955677d3b00d8f1fc63af5d869efb1ae01365d83bf2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/3.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 44107
Last-Modified: Mon, 06 Mar 2023 08:28:57 GMT
Connection: keep-alive
ETag: "6405a449-ac4b"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/4.jpg

199.167.138.75

200 OK

108 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/4.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3\012- data
Size
108 kB (108146 bytes)
Hash
c7103846b240db4c449ca632246fc3de
c4653a081ded64797cb3c53bd3449e171571fa50
3c77e423b78ac676aa2de3bfe1e51813fcfaea7975a3a206e82f25b98c61c305

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/4.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 108146
Last-Modified: Mon, 31 Oct 2022 09:25:12 GMT
Connection: keep-alive
ETag: "635f9478-1a672"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/index/2.png

199.167.138.75

200 OK

113 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/index/2.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
PNG image data, 851 x 295, 8-bit/color RGBA, non-interlaced\012- data
Size
113 kB (113029 bytes)
Hash
ae1ce68b80e291b2486c2f3b609ec3fc
1841dae5a2ec1248d630e05c7069f06b41d35939
17b7563c46fbac734241c73330707a3dba9ede3341470a52a66965d159dada97

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /index/2.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/png
Content-Length: 113029
Last-Modified: Mon, 06 Mar 2023 08:11:03 GMT
Connection: keep-alive
ETag: "6405a017-1b985"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/statica/6.jpg

199.167.138.75

200 OK

122 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/6.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1863, components 3\012- data
Size
122 kB (121592 bytes)
Hash
cb0b9e48faa29bbfcdf5cc35f1696465
b961c9a4ef305c03131e9fe7dc70ae0245596202
66caac7d73c97b165ba3773c501546beb569529a6beb2b163aae12046a0cd4fa

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/6.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: image/jpeg
Content-Length: 121592
Last-Modified: Mon, 06 Mar 2023 09:11:31 GMT
Connection: keep-alive
ETag: "6405ae43-1daf8"
Expires: Sun, 23 Apr 2023 19:45:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images_osp/common/ico/ico_conversion_contract_cnf.png HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

xdoakgvnvc.duckdns.org/statica/3.jpg

199.167.138.75

200 OK

188 kB

URL HTTP/1.1
xdoakgvnvc.duckdns.org/statica/3.jpg
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3\012- data
Size
188 kB (188531 bytes)
Hash
f1ebd37f4327ecafb79d418b055f059f
ae48973ef810b2e3624abb92b69807898017d593
3ed0fd3a419ef64bf46f9a2243664d4e6996ea656ecf00859444b7504afb5651

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /statica/3.jpg HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 19:45:50 GMT
Content-Type: image/jpeg
Content-Length: 188531
Last-Modified: Mon, 31 Oct 2022 09:25:10 GMT
Connection: keep-alive
ETag: "635f9476-2e073"
Expires: Sun, 23 Apr 2023 19:45:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xdoakgvnvc.duckdns.org/favicon.ico

199.167.138.75

404 Not Found

146 B

URL HTTP/1.1
xdoakgvnvc.duckdns.org/favicon.ico
IP
199.167.138.75:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xdoakgvnvc.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xdoakgvnvc.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679687161568%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961568%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679687161575%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679688961575%7D

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Mar 2023 19:45:51 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9547
Expires: Fri, 24 Mar 2023 22:24:58 GMT
Date: Fri, 24 Mar 2023 19:45:51 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10480 bytes)
Hash
6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: V_1L8vYf9-uS_-cGgsCstGC__IYpLZjEa0gOlsYgYOWwNJxxXJo83g==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 22:00:02 GMT
age: 78349
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4438 bytes)
Hash
f46d765cbcbbcd9707a21eec12d80002
d9bab36f53de76263a67bc34364e33bed28d35cd
772e85ac55db0fc3ca75329e0197c7caeff466e90b5cf85df7ccb44a85a253f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4438
x-amzn-requestid: ce3cbb97-2a19-4499-8ab7-18cf5f99b5ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK85SG3_oAMFQcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa83b-2750db5d028ac4ac54a865f8;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: g2zDwH5nxCiFG_YS52KdAMx-7NonVOLx79SnmvLWr5szWNv0EtBGEQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 13:46:13 GMT
age: 21578
etag: "d9bab36f53de76263a67bc34364e33bed28d35cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7482 bytes)
Hash
04db6085e8ec938c1385fb33b32ae036
0f173b8971723ec380a9610b3dda8f64890f6f37
873d5942c34057339f7a9c53a9d4cdc3a0b82f01223f851898da0ebbe0a628bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7482
x-amzn-requestid: 843e4bba-1550-44c4-be10-dd333148f83d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHxFuuIAMFvmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-03f5d2675850409e70748490;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i3f56KYdhzWqiBtE9-vSMBC17mWa0qZfxQb3AmHcNvApYKse8O3DdQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:56:06 GMT
age: 78585
etag: "0f173b8971723ec380a9610b3dda8f64890f6f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7405 bytes)
Hash
9bb55b1044454d0db2324a4af956cd51
5aa34545aa2274453b301c74a083034273177cbd
fb7fa8b91ff7374ac6be2df05e1e98194f2adf3ce728b02a66323993145975ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7405
x-amzn-requestid: 9865b715-ff9b-498d-95b3-c728fd3430be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt7E46oAMF1Fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-78b66faf317a7aaf689de782;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: EI1picNm6z4XmZxnCmqbdZv4ok9AqXNvYGy8CtENrRkWLuuLUuETlg==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
etag: "5aa34545aa2274453b301c74a083034273177cbd"
content-type: image/jpeg
age: 79352
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8385 bytes)
Hash
3d6ed667dad0c17b3f1697f6ad5f1dd2
9eff2b1900bc9788dfbff11fce69cc7c944b1fc1
ec0f7b928c7efd46d2679477acd9f3bf0b335f31b9739c4e925b23bd5cd16a05

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8f2a5e3-1443-4c66-9b07-bbc789ebd9ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8385
x-amzn-requestid: 70d658a2-706c-428d-b232-d4a343556e55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8IUHv7IAMF8BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73ce-4288c6f05be90c543a5adb5a;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:58 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 00pLSzTvmnnvhdLG4rOtVPVM_F2rfQXus98AyXsY129ejW-1Y-UblQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 01:36:32 GMT
age: 65359
etag: "9eff2b1900bc9788dfbff11fce69cc7c944b1fc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (4000 bytes)
Hash
85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vOBDFA2LzOIp_0dMXApotrithfiToWtpM2xMRyx1pWAE86olKT6EpQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 02:36:43 GMT
age: 61748
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (74)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN