r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 0f59c61c2847e503f094b8f93ac751c6
SHA1 e8c25c43eaaaca2afc7678e33cfe3893f786cdd1
SHA256 b801f713eadc60cde23d4248fca9de0f75a9437d57bd653051f832fdf1c0054e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B801F713EADC60CDE23D4248FCA9DE0F75A9437D57BD653051F832FDF1C0054E"
Last-Modified: Thu, 17 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11610
Expires: Fri, 18 Nov 2022 16:01:22 GMT
Date: Fri, 18 Nov 2022 12:47:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
MD5 67f53a639d57dd6237b5be86fe4f6c1b
SHA1 287f09532dc331228d09c20b75f4160e91e9800a
SHA256 41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4950
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:47:52 GMT
Last-Modified: Fri, 18 Nov 2022 11:25:22 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 30c30d01178fc74ac5266ee64c3ee85b
SHA1 c0c2af8a864c00aa85a8775d55f85ab107150a3b
SHA256 c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6834
Expires: Fri, 18 Nov 2022 14:41:46 GMT
Date: Fri, 18 Nov 2022 12:47:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 4e84f361a3c81abc5d665a5f441452a8
SHA1 7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
SHA256 04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Fri, 18 Nov 2022 14:52:24 GMT
Date: Fri, 18 Nov 2022 12:47:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
MD5 4d7e4eed097b9c4e5d509419f1cfc85a
SHA1 290bb3d428a7c6330e2e3d73a952b16f820896c8
SHA256 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 12:44:47 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 185
alt-svc: clear
X-Firefox-Spdy: h2
teruggavetabel2022.ddns.net/bpf/
45.82.120.13 200 OK 453 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/
IP 45.82.120.13:0
File type HTML document text, exported SGML document, ASCII text, with CRLF line terminators
MD5 6d77ad97fb0cb49aa77f44f149b49c74
SHA1 584f57c632718c433d61f3da09e9f6cce2fda9d8
SHA256 d92294511c03dd7515629dbf83e56c6d02982df3b47e31cb457a5d3246140304
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
openphish: BNP Paribas
fortinet: Phishing
GET /bpf/ HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: real=OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 453
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
MD5 67d5a988edcda47bc3b3b3f65d32b4b6
SHA1 d4f0e0da8b3690cc7da925026d3414b68c7d954f
SHA256 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: r3/T2zO375/QfcBrz/T9Lnqajn+bdx94XS7amclTRpTeXqmFv5FgspNwLehFIXSq7hfGkkU6P7M=
x-amz-request-id: P3SDVN9NRP6MYN0X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 12:15:36 GMT
age: 1936
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 12:47:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
teruggavetabel2022.ddns.net/favicon.ico
45.82.120.13 404 Not Found 290 B URL HTTP/1.1 teruggavetabel2022.ddns.net/favicon.ico
IP 45.82.120.13:0
File type HTML document text, exported SGML document, ASCII text
MD5 2580bed35eb5a329185a3037f24cf354
SHA1 a70f4b9b138bf74b15683b74efc360f8397c765d
SHA256 192419f7bbdacac46de84c5e0d1680a074a8d01e77ea721f695af98f055b0c77
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /favicon.ico HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Fri, 18 Nov 2022 12:47:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 290
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
MD5 0333b0655111aa68de771adfcc4db243
SHA1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 12:44:49 GMT
cache-control: public,max-age=3600
age: 183
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
MD5 fe40cc6ea871d80382b6082111393fbe
SHA1 281f75d0a35dc8ef908bb0500e57abd86bd5388e
SHA256 6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: max-age=165760
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:47:53 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:50:33 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
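Both OCSP responders above return cacheable responses, and the caching metadata is worth checking for internal consistency before trusting what a CDN edge served: Expires should equal Date plus max-age, the remaining freshness is max-age minus the edge's Age (the DigiCert entry reports X-Cache: HIT and Age: 6217), and the ETag encodes different things on the two responders (on r3.o.lencr.org it equals the body's SHA-256 shown in the report's hash line; on ocsp.digicert.com it is the nginx-style mtime-size pair, which should agree with Last-Modified and Content-Length). The Python script below is an added example and is not part of the urlquery report; it runs those checks over header sets copied from the r3.o.lencr.org response at the top of the report and the DigiCert response directly above. The OCSP bodies are not on the page, so the SHA-256 comes from the report's hash line rather than being recomputed.

```python
"""Check the caching metadata on the OCSP responses shown in the report:
freshness arithmetic, Age, and what each responder's ETag encodes.
Added example; it is not part of the urlquery report."""
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Response headers copied from two entries in the report (constructed excerpts:
# the request side and the OCSP bodies are omitted). The SHA-256 below is the
# report's own hash line for the r3.o.lencr.org body.
LENCR_BODY_SHA256 = "b801f713eadc60cde23d4248fca9de0f75a9437d57bd653051f832fdf1c0054e"
LENCR = """\
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B801F713EADC60CDE23D4248FCA9DE0F75A9437D57BD653051F832FDF1C0054E"
Last-Modified: Thu, 17 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11610
Expires: Fri, 18 Nov 2022 16:01:22 GMT
Date: Fri, 18 Nov 2022 12:47:52 GMT
"""
DIGICERT = """\
HTTP/1.1 200 OK
Age: 6217
Cache-Control: max-age=165760
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:47:53 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:50:33 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
"""


def parse_headers(raw):
    """Header dict keyed by lower-cased name; the status line is skipped."""
    pairs = (l.split(":", 1) for l in raw.splitlines()[1:] if ":" in l)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def http_date(value):
    """RFC 7231 date -> aware UTC datetime. Also accepts the non-standard
    'UTC' suffix the lencr responder uses instead of 'GMT'."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def freshness(h):
    """(lifetime, age, remaining) in seconds, plus whether Expires equals
    Date + max-age. Per RFC 7234 max-age overrides Expires, and the cache's
    Age has to be subtracted from the lifetime."""
    # re.search also finds the directive inside the single-quoted value
    # DigiCert sent in the earlier response ('max-age=158059').
    m = re.search(r"max-age=(\d+)", h.get("cache-control", ""))
    lifetime = int(m.group(1)) if m else 0
    age = int(h.get("age", 0))
    expires_ok = False
    if "expires" in h and "date" in h:
        expires_ok = http_date(h["expires"]) - http_date(h["date"]) == timedelta(seconds=lifetime)
    return lifetime, age, lifetime - age, expires_ok


def etag_is_body_sha256(h, body_sha256):
    """On the r3.o.lencr.org responses in this report the ETag is the body's SHA-256."""
    return h["etag"].strip('"').lower() == body_sha256


def etag_mtime_size(h):
    """nginx-style '<mtime hex>-<size hex>' ETag -> (mtime, size), or None."""
    m = re.fullmatch(r'"([0-9a-f]+)-([0-9a-f]+)"', h["etag"])
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1), 16), timezone.utc), int(m.group(2), 16)


def etag_matches_metadata(h):
    """True when the ETag's mtime and size equal Last-Modified and Content-Length."""
    return etag_mtime_size(h) == (http_date(h["last-modified"]), int(h["content-length"]))
```

For the DigiCert response the script reports a lifetime of 165760 s with 6217 s already consumed at the edge, and the ETag decodes to 2022-11-18 09:06:56 UTC and 471 bytes, matching Last-Modified and Content-Length. Note that Expires on that response is Date plus the full max-age even though Age is 6217, so a client that trusts Expires and ignores Age overestimates freshness by that amount. The earlier DigiCert response wrapped the whole directive in single quotes (`'max-age=158059'`), which is not HTTP quoting; a parser that matches directive names exactly will not find max-age there at all, which is why the regex above searches inside the value.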
push.services.mozilla.com/
52.89.136.7 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
MD5 d41d8cd98f00b204e9800998ecf8427e (digests of the empty body)
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UlEQMu/WgNScqPtsdoQ3iQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SjFCNU3g+byQQzOXxwv1d+JEEXc=
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242?
45.82.120.13 301 Moved Permanently 383 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242?
IP 45.82.120.13:0
File type HTML document text, exported SGML document, ASCII text
MD5 e2c553c66f2904b5002d332475499bfc
SHA1 acb781a2156446dcf3a3e85d70686a9a798742e8
SHA256 2c4228852227e93ba70c21c98fa5307c522f9701b8ecd6c090d44db3863d56db
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242? HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
Content-Length: 383
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
45.82.120.13 302 Found 0 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
IP 45.82.120.13:0
MD5 d41d8cd98f00b204e9800998ecf8427e (digests of the empty body)
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242/? HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teruggavetabel2022.ddns.net/bpf/
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: bid=a3651e81167348a566ecb493e206e242; expires=Sun, 18-Dec-2022 12:47:53 GMT; Max-Age=2592000; path=/
location: login/?
Content-Length: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
45.82.120.13 200 OK 4.6 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
IP 45.82.120.13:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (4844)
MD5 40a51e9c4b9af44474e7218d99cee9d0
SHA1 a90f889260024577db97f14f49bea1c36bec423b
SHA256 202c68123cd61fca1ea2c2e7459c2fe6030607ccae5276a924edf2208687772a
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/? HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teruggavetabel2022.ddns.net/bpf/
Connection: keep-alive
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4550
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
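The four hops from /bpf/ to the login page read more clearly as a chain than as a flat dump: /bpf/ answers 200 and sets real=OK; the request for /bpf/a1b2c3/<32-hex token>? gets a 301 to the same path with a trailing slash; that URL answers 302 with Set-Cookie: bid=<the same token> and a relative location: login/?, which the browser resolves against the 302's own URL; and the login page then arrives with Cache-Control: no-store and every later asset request carries both cookies. The Python script below is an added example and is not part of the urlquery report. It parses a constructed excerpt written in the report's layout and reconstructs that chain with urljoin, lists the cookies the host set, checks whether the path token is reused as a cookie value, and flags dynamic-DNS hosts against a constructed suffix list (urlquery's own DynDNS list is not on this page). The https scheme for the report's bare host/path lines is an assumption taken from the site's Referer headers.

```python
"""Reconstruct the phishing kit's redirect and cookie chain from a urlquery-style
transaction dump. Added example; it is not part of the urlquery report."""
import re
from urllib.parse import urljoin, urlparse

# Constructed excerpt in the report's own layout, trimmed to the lines the checks
# below need; a real report carries the full header set, hashes and verdicts.
SAMPLE = """\
teruggavetabel2022.ddns.net/bpf/
45.82.120.13 200 OK 453 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/
GET /bpf/ HTTP/1.1
HTTP/1.1 200 OK
Set-Cookie: real=OK
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242?
45.82.120.13 301 Moved Permanently 383 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242?
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242? HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
45.82.120.13 302 Found 0 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/?
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242/? HTTP/1.1
HTTP/1.1 302 Found
Set-Cookie: bid=a3651e81167348a566ecb493e206e242; expires=Sun, 18-Dec-2022 12:47:53 GMT; Max-Age=2592000; path=/
location: login/?
teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
45.82.120.13 200 OK 4.6 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
GET /bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/? HTTP/1.1
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
HTTP/1.1 200 OK
"""

ENTRY_START = re.compile(r"^[A-Za-z0-9.-]+\.[a-z]{2,}/\S*$")  # bare host/path line
STATUS_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) (\d{3}) ")
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/")
RESPONSE_LINE = re.compile(r"^HTTP/[\d.]+ \d{3}")


def parse_dump(text):
    """Entries with url, ip, status and (name, value) headers for 'req' and 'resp'."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        if ENTRY_START.match(line):
            # the report omits the scheme; https is assumed (the site's Referer headers show it)
            cur = {"url": "https://" + line, "req": [], "resp": []}
            entries.append(cur)
            section = "meta"
        elif cur is None:
            continue
        elif section == "meta" and STATUS_LINE.match(line):
            m = STATUS_LINE.match(line)
            cur["ip"], cur["status"] = m.group(1), int(m.group(2))
        elif REQUEST_LINE.match(line):
            section = "req"
        elif RESPONSE_LINE.match(line):
            section = "resp"
        elif section in ("req", "resp") and ": " in line:
            name, value = line.split(": ", 1)
            cur[section].append((name.lower(), value))  # header names are case-insensitive
    return entries


def hdr(entry, side, name):
    return [v for n, v in entry[side] if n == name]


def follow_redirects(entries, start, limit=10):
    """Walk 3xx hops, resolving a relative Location ('login/?') against the
    redirecting URL; '.../?' and '.../' are treated as the same target."""
    index = {e["url"].rstrip("?"): e for e in entries}
    chain, url = [], start.rstrip("?")
    while url in index and len(chain) < limit:
        e = index[url]
        chain.append((e.get("status", 0), url))
        loc = hdr(e, "resp", "location")
        if not (300 <= e.get("status", 0) < 400 and loc):
            break
        url = urljoin(e["url"], loc[0]).rstrip("?")
    return chain


def cookies_set(entries, host):
    """name -> value for every cookie the host's responses set, in order."""
    jar = {}
    for e in entries:
        if urlparse(e["url"]).hostname == host:
            for sc in hdr(e, "resp", "set-cookie"):
                name, _, value = sc.split(";", 1)[0].partition("=")
                jar[name.strip()] = value.strip()
    return jar


def path_token_reused_as_cookie(entries, host):
    """The kit carries a 32-hex per-visitor id in the path, then sets it as a cookie."""
    values = set(cookies_set(entries, host).values())
    for e in entries:
        m = re.search(r"/([0-9a-f]{32})(?=/|$)", urlparse(e["url"]).path)
        if m and m.group(1) in values:
            return m.group(1)
    return None


DYNDNS_SUFFIXES = (".ddns.net", ".no-ip.org", ".hopto.org", ".duckdns.org")  # constructed list


def dyndns_hosts(entries):
    hosts = {urlparse(e["url"]).hostname or "" for e in entries}
    return sorted(h for h in hosts if h.endswith(DYNDNS_SUFFIXES))
```

For the sample, follow_redirects starting at the 301 URL returns the three hops 301, 302, 200 ending at the login/ page, cookies_set returns real=OK followed by bid=<token>, and path_token_reused_as_cookie returns that token. Because the parser treats the report's bare host/path line as the start of an entry, the whole transaction list can be fed to it unchanged to triage every host it contains.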
teruggavetabel2022.ddns.net/bpf/bower_components/jquery/dist/jquery.min.js
45.82.120.13 200 OK 30 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/bower_components/jquery/dist/jquery.min.js
IP 45.82.120.13:0
File type ASCII text, with very long lines (32058)
MD5 3430607b4301113ad9394c9260eef3f0
SHA1 8c4db68b161b17e31be300e968a30ab0116b3193
SHA256 31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 05 Jun 2017 09:55:06 GMT
ETag: "15283-551337f641280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/core/form/core_form.css
45.82.120.13 200 OK 688 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/core/form/core_form.css
IP 45.82.120.13:0
MD5 54580514692da74a712a045be39a5741
SHA1 f4998ae6fad70a1d380e50c2d58cdb688d1c5454
SHA256 0a3feba41cf73ccf88bbf14c2e47100617f4be7dd8ae1ef671245e9e349b44a3
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/core/form/core_form.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 22:40:58 GMT
ETag: "adc-59af3897db280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 688
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/bower_components/ua-parser-js/dist/ua-parser.min.js
45.82.120.13 200 OK 6.1 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/bower_components/ua-parser-js/dist/ua-parser.min.js
IP 45.82.120.13:0
File type Unicode text, UTF-8 text, with very long lines (16817)
MD5 14da93cff6d49885bf214d2503f614db
SHA1 04d64d738cd0fd2b4eee3b8abc5326dfda3f1dea
SHA256 49e584e9a0aee55b81771b9e010ccf1da6278da03fb8ddba07ef7a1f0a126732
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 12 Oct 2017 14:16:24 GMT
ETag: "4298-55b5a2f66be00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/bower_components/font-awesome/css/font-awesome.min.css
45.82.120.13 200 OK 7.1 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/bower_components/font-awesome/css/font-awesome.min.css
IP 45.82.120.13:0
File type ASCII text, with very long lines (30837)
MD5 52f1a8a2ce85fa8432308b33bc1a2e79
SHA1 fd80917af5371c8ecad0198592a1e7cce4b77b0e
SHA256 07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 09 Apr 2017 10:29:24 GMT
ETag: "7918-54cb9551a4900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/core/form/core_form.js
45.82.120.13 200 OK 4.2 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/core/form/core_form.js
IP 45.82.120.13:0
MD5 4af886451dfabe89ecd8d9cc9ba29f99
SHA1 2bb0506180463bf8d644f127ea32179eff354308
SHA256 d5ad7f9001b3915a3566a70101e0529288bbdbcef7a0382a488fb6d6bf3189be
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/core/form/core_form.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 21 Apr 2020 16:42:18 GMT
ETag: "43da-5a3cfb2ddee80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4168
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/core/token/core_token.js
45.82.120.13 200 OK 1.5 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/core/token/core_token.js
IP 45.82.120.13:0
MD5 0b1b083e12cfaee58d00f0534b0d8f0b
SHA1 b951bfa4ef5b6f40e8177fe59e91aaedb04ce349
SHA256 f6c011683d5090b935dd6ef547248f665d63bc07c2600e50f622a081080e4771
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/core/token/core_token.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 21 Apr 2020 16:37:48 GMT
ETag: "3215-5a3cfa2c60f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1548
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/bower_components/jquery.maskedinput/dist/jquery.maskedinput.min.js
45.82.120.13 200 OK 3.3 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/bower_components/jquery.maskedinput/dist/jquery.maskedinput.min.js
IP 45.82.120.13:0
MD5 4d50860adbc3bac5b59f9c900670b2e4
SHA1 19fb9ee275b56a0b239a76bc301b6d6ef3eae25f
SHA256 6167a19f3ce290fe0a5620e7240f6a9b8e5137e7b080c2442c0e58b7e1bcbb02
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
fortinet: Phishing
GET /bpf/bower_components/jquery.maskedinput/dist/jquery.maskedinput.min.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 17 Nov 2017 22:03:36 GMT
ETag: "4001-55e34e8869e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3284
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/login/form/css.css
45.82.120.13 200 OK 112 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/form/css.css
IP 45.82.120.13:0
MD5 d6c9aa671f226dd6ae1fee66ae397547
SHA1 79f45d4575e11268a3c8c9d14313e722f7388f38
SHA256 fed843423628dbf3d60c7131aa8d5d50c0302caf03c09460cdc7b4521ee78556
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/login/form/css.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 04:58:40 GMT
ETag: "9d-59ae4b2690000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 112
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/Web-Banking-Unauthenticated.css
45.82.120.13 200 OK 132 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/Web-Banking-Unauthenticated.css
IP 45.82.120.13:0
MD5 13c23c231214868cad8d6fb728b9e976
SHA1 5c3a5dc3b75b0cdea19d9e881e6e920cd61ab9a7
SHA256 991749d8f8a1e7cdf207437edae84078db3c96b1a758e091c8386b396374eb2d
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/login/Web-Banking-Unauthenticated.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "7c-59adf0bafac00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 132
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/brand.css
45.82.120.13 200 OK 173 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/brand.css
IP 45.82.120.13:0
MD5 c55ed01ea85d8605c430e2c7e02a4fed
SHA1 a43170906d582e93001709a95e51a4bd077cfce3
SHA256 10a9e70f8dac3c50ad93b7ec567c96bfe0e6c53eba64ec2f51718a184c138917
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/login/brand.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 02:26:34 GMT
ETag: "10a-59ae292754a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 173
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/mediaelementplayer.min.css
45.82.120.13 200 OK 2.2 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/mediaelementplayer.min.css
IP 45.82.120.13:0
MD5 062d9315cb6ea861bd0e628a9c2a7677
SHA1 707a371323fdfb78aef9b251cd808d07f1c8648a
SHA256 4a211363c4bcc13bc94a02a49002405aa9c8d951aa138ed2253f24ed053babfd
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/login/mediaelementplayer.min.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 02:29:06 GMT
ETag: "31f3-59ae29b84a080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2163
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/form/form.js?v=63777ef97c7ff
45.82.120.13 200 OK 709 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/form/form.js?v=63777ef97c7ff
IP 45.82.120.13:0
MD5 42018b123357c5b2ce388ae78890b0f6
SHA1 a8f7c33e594052eb4e5c5ebfea63079b402166aa
SHA256 8ded9dda8bfa0bf3bbb1bb4577b99ccb105ba6ca04e7a583adcb8f59c71835d8
Analyzer verdicts:
urlquery: DynDNS domain detected (alert)
GET /bpf/login/form/form.js?v=63777ef97c7ff HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 07 Dec 2019 04:03:58 GMT
ETag: "bf7-5991540700780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 709
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/login/token/token.js?v=63777ef97c803
45.82.120.13 200 OK 521 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/token/token.js?v=63777ef97c803
IP 45.82.120.13:0
Hash d3b565ef26b0461dfc7f4a535c374e3e
ae7b09853ddcbb284c3f0637db296e829892b257
8996f1947528614052bf33337236c80e9592521c6fea667f1682c91fc5584172
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/token/token.js?v=63777ef97c803 HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 22:43:18 GMT
ETag: "4eb-59af391d5ed80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 521
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/login/ng/ng.js?v=63777ef97c804
45.82.120.13 200 OK 1.4 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/ng/ng.js?v=63777ef97c804
IP 45.82.120.13:0
Hash 12dd579b46c8940b4c2d03edd283cc67
974585ecd07612d419be32625bc334cd3b7e6875
660bfe05e9063473651297e0b5a119a2550b68520b253737cbe2eb19e07b2cc8
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/ng/ng.js?v=63777ef97c804 HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 14 Apr 2020 16:34:36 GMT
ETag: "152c-5a342c670bf00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1389
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/bower_components/angular/angular.min.js
45.82.120.13 200 OK 59 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/bower_components/angular/angular.min.js
IP 45.82.120.13:0
File type ASCII text, with very long lines (552)
Hash ef8273bb5f21cf02cdb9ccd56513e7c1
0de400b680cfc9a05f3d182ea010b4ecb6166f7a
369f26576626b7705342e67ae37363858a5655c66755ddff450054dfe9c70bc4
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/bower_components/angular/angular.min.js HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 18 Aug 2017 20:37:28 GMT
ETag: "2937c-5570d18ee1200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis-patch.css
45.82.120.13 200 OK 910 B URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis-patch.css
IP 45.82.120.13:0
Hash ced484434adc2f622f83a227a8807174
1677b5bab1d444003d77c261296a67894bb68f5d
c8cd1dc158fd05a48f9e44488ef124af2675b1f0606b6b9e87f61c6eddcdfc40
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /bpf/login/bnpp-fortis-patch.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/brand.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 02:26:42 GMT
ETag: "ab3-59ae292ef5c80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 910
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis-pws.css
45.82.120.13 200 OK 20 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis-pws.css
IP 45.82.120.13:0
Hash 927d96509e86632ac72f40d3aa4cb379
4976f891c8ec47aee1206a8864438f02487113b7
77d72dd02894fd11f85e602000ef71768afc1e299e992e5aa66cd25387053939
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /bpf/login/bnpp-fortis-pws.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/brand.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 30 Dec 2019 02:29:06 GMT
ETag: "213c4-59ae29b84a080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19622
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
45.82.120.13 200 OK 83 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
IP 45.82.120.13:0
Hash f1faa6be4f260247d658026a7753cb6e
940423b33b7fc672f6431e06a42c31f74f21256c
a8a36a0a8f4dd58ae28ca4f2034da877811b0d08a663ffaa8c064742fb35021c
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /bpf/login/bnpp-fortis.css HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/brand.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 26 Jul 2020 12:16:30 GMT
ETag: "7c4eb-5ab572d0ec380-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
teruggavetabel2022.ddns.net/bpf/login/bnpp_sans_light-webfont.ttf
45.82.120.13 200 OK 57 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp_sans_light-webfont.ttf
IP 45.82.120.13:0
File type TrueType Font data, 19 tables, 1st "FFTM", 21 names, Microsoft, language 0x409, Copyright (c) 2008 BNP ParibasBNPP Sans LightRegularChristopheBadanietStphaneGabrielli: BNPP San; data
Hash 7d7f4b6f7dd86a2240c905c6ce5ce84c
ff5a9655bd7dcedadd94defc44208bdc45182c11
60a1ce266a5ccb14551a31408b149f1c5dbb156a445985c563513ee5b7269457
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/bnpp_sans_light-webfont.ttf HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "de14-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 56852
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-sfnt
teruggavetabel2022.ddns.net/bpf/login/sprite.svg
45.82.120.13 200 OK 85 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/sprite.svg
IP 45.82.120.13:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1147c57445d532e7ccf830d2df1d59cd
4c80308fedf52bbceef214d8ca59beff7ba332ef
77d8b27fb385e5ea2bb4a42503a85e3d5087fb535fd6e31a02d2c0824486d47e
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/sprite.svg HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "14ce7-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 85223
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
teruggavetabel2022.ddns.net/bpf/login/bnpiconfont.ttf
45.82.120.13 200 OK 55 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpiconfont.ttf
IP 45.82.120.13:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, bnpiconfont; data
Hash 4227fada49ba687767667941bcdcf337
64d64aa108595d55b3060066f04cb818bf35948f
9ad773076cd905a570b315793a3c6cd7650b7080550262ebb8ff6bd1d47c1e16
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/bnpiconfont.ttf HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "d5e8-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 54760
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/font-sfnt
teruggavetabel2022.ddns.net/bpf/login/form/newloader.gif
45.82.120.13 200 OK 557 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/form/newloader.gif
IP 45.82.120.13:0
File type GIF image data, version 89a, 480 x 480; data
Size 557 kB (557122 bytes)
Hash ef8d4e6b20b0cf0d68713fb2f6069042
d62bb4b1a169c88879de3bd2f5c4292b6259a952
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /bpf/login/form/newloader.gif HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 16 Sep 2019 12:51:56 GMT
ETag: "88042-592ab119b3300"
Accept-Ranges: bytes
Content-Length: 557122
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
teruggavetabel2022.ddns.net/bpf/login/bnpp_sans-webfont.ttf
45.82.120.13 200 OK 56 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp_sans-webfont.ttf
IP 45.82.120.13:0
File type TrueType Font data, 18 tables, 1st "FFTM", 21 names, Microsoft, language 0x409, Copyright (c) 2008 BNP ParibasBNPP SansRegularChristopheBadanietStphaneGabrielli: BNPP Sans: 200; data
Hash f039e44c39c13cb02119bba68b075fc7
17c73540a093b4f161d73109afcff46f4c6abc31
43eaedd3523a071f0de1d520ed7b18d5eee105d9b03578fbcec8c597b6376b23
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/bnpp_sans-webfont.ttf HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "db88-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 56200
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-sfnt
teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671979&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1668775671980
45.82.120.13 200 OK 57 B URL HTTP/1.1 teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671979&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1668775671980
IP 45.82.120.13:0
File type ASCII text, with no line terminators
Hash dfc27339448b9b5fcbd9203ae553a4ce
7e7f428d6a6dcd13ecabe344fa9e431346996e02
0ff16c1f53c7258a16e7a246d08e634c31bce113078e16680508e95e7b132ae2
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671979&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1668775671980 HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Length: 57
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671978
45.82.120.13 200 OK 57 B URL HTTP/1.1 teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671978
IP 45.82.120.13:0
File type ASCII text, with no line terminators
Hash a3e9651c9d3cc218819f74f88992564b
1a71df42d3cb31c9077ed2e07fb8789fb59ae2f6
9eedf6b4e8c3a89837bda44596f3e77c7a9ec35cc85af8e6c64b006d4b616444
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671978 HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Length: 57
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
teruggavetabel2022.ddns.net/bpf/login/bnpp_sans_cond_regular-webfont.ttf
45.82.120.13 200 OK 47 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/bnpp_sans_cond_regular-webfont.ttf
IP 45.82.120.13:0
File type TrueType Font data, 19 tables, 1st "FFTM", 20 names, Microsoft, language 0x409, Copyright (c) 2010 BNP ParibasBNPP Sans CondensedRegularChristopheBadanietStphaneGabrielli: BNPP; data
Hash b7e44876598fdbc52b751463dc820881
93719bc65214d168ebc32138c3cd9d3af68288ac
a56f74eaf471b8d0869d8d9556e4925e89767e210c4f0cf273ee012213086ec2
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /bpf/login/bnpp_sans_cond_regular-webfont.ttf HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/login/bnpp-fortis.css
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "b79c-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 47004
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-sfnt
i.imgur.com/qLLBIyP.png
151.101.84.193 302 Found 0 B IP 151.101.84.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qLLBIyP.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
retry-after: 0
location: https://i.imgur.com/removed.png
accept-ranges: bytes
date: Fri, 18 Nov 2022 12:47:54 GMT
age: 0
x-served-by: cache-iad-kcgs7200087-IAD, cache-bma1631-BMA
x-cache: HIT, MISS
x-cache-hits: 0, 0
x-timer: S1668775674.028897,VS0,VE106
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
content-length: 0
X-Firefox-Spdy: h2
i.imgur.com/removed.png
151.101.84.193 200 OK 503 B IP 151.101.84.193:0
File type PNG image data, 161 x 81, 1-bit colormap, non-interlaced; data
Hash d835884373f4d6c8f24742ceabe74946
20002faf28adfd94ca98cf6ced46f14334b53684
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
GET /removed.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teruggavetabel2022.ddns.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 May 2014 05:44:36 GMT
etag: "d835884373f4d6c8f24742ceabe74946"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 18 Nov 2022 12:47:54 GMT
age: 21186161
x-served-by: cache-bwi5162-BWI, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 17358
x-timer: S1668775674.170050,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 503
X-Firefox-Spdy: h2
teruggavetabel2022.ddns.net/bpf/login/favicon.ico
45.82.120.13 200 OK 1.2 kB URL HTTP/1.1 teruggavetabel2022.ddns.net/bpf/login/favicon.ico
IP 45.82.120.13:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 8c11f90c23286cc6567d724065a4b76a
5e4686375423c27fe684e88975d2fe3d97ea4b41
250f42c61302e615eacde04a542e31df74275ffc5a5159b3e8c1b5d7017e0105
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /bpf/login/favicon.ico HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: real=OK; bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 29 Dec 2019 22:14:08 GMT
ETag: "47e-59adf0bafac00"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8039
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 12:47:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 18:45:44 GMT
age: 64930
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 14649d486602810c1b218b96b27b2cc4
96c6cbfe31e7247c64dfa8c3759967627f8c6286
80f5d7573fd2bf4e6a6038ebf1335d159ad37c391ee539918455963d6ee88654
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8884
x-amzn-requestid: 3739b8f5-bb0c-4798-a931-e955dd6df81d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MiGFxoAMFlxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa50-74c24a2f737634b655a5b47c;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d_bLYyZzi1phYwQ2e5uvUmzO0GuvNu9Ubi2PQ0ChilQJegKr3uUiRw==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:53 GMT
etag: "96c6cbfe31e7247c64dfa8c3759967627f8c6286"
content-type: image/jpeg
age: 53521
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:03:27 GMT
age: 53067
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 53825
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:18 GMT
age: 54816
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:27 GMT
age: 53547
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671981
45.82.120.13 200 OK 57 B URL HTTP/1.1 teruggavetabel2022.ddns.net/uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671981
IP 45.82.120.13:0
File type ASCII text, with no line terminators
Hash a3e9651c9d3cc218819f74f88992564b
1a71df42d3cb31c9077ed2e07fb8789fb59ae2f6
9eedf6b4e8c3a89837bda44596f3e77c7a9ec35cc85af8e6c64b006d4b616444
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /uadmin/gate.php?pl=token&link=bnpparibasfortis&bid=a3651e81167348a566ecb493e206e242&callback=jQuery32105936735252594325_1668775671977&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1668775671981 HTTP/1.1
Host: teruggavetabel2022.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://teruggavetabel2022.ddns.net/bpf/a1b2c3/a3651e81167348a566ecb493e206e242/login/?
Cookie: bid=a3651e81167348a566ecb493e206e242; lng=nl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:47:58 GMT
Server: Apache/2.4.29 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Length: 57
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript