| ujslqoygli.duckdns.org/ | 45.82.249.101 | 301 Moved Permanently | 162 B |
IP45.82.249.101:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 24 Mar 2023 12:54:28 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ujslqoygli.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash65fc860bc043f3fb83bdc3debdcd322d 418010755deae099ef1284e402813c5837a10f42 d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14359
Expires: Fri, 24 Mar 2023 16:53:47 GMT
Date: Fri, 24 Mar 2023 12:54:28 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashbea3185dd820a31c1981317f37c3456d 1a548a5d27270fc11df9011837a7149571cedd78 469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12602
Expires: Fri, 24 Mar 2023 16:24:30 GMT
Date: Fri, 24 Mar 2023 12:54:28 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash51a5d4696a6090c295850554508b51ce c44e143c2223546e64b19f543b8101aaf3b11e97 8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13625
Expires: Fri, 24 Mar 2023 16:41:33 GMT
Date: Fri, 24 Mar 2023 12:54:28 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash4ad6984a756720fbfff47b37a75513a2 355e35258114452af8b9638985ed9d8ef3bf0aca 43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 12:27:37 GMT
content-type: application/json
age: 1611
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashe7bace7c1e04d44012e37ddffe36e5d5 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0O2M217dYhe6vi7dVfV+59VUvS4CP9C3P6tH2pJwfjp1HwZMPm8y5C4HvM9WAVALI+/uNH5c07GXU1qdNQQqHw==
x-amz-request-id: XXXBEYX5XMFF0Z9K
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 12:00:21 GMT
age: 3247
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:28 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashf1b8f51282c086c74ab5a42e0a593b06 d27774fb7073f816dc0e55e04c671884c2734a57 c074fce32522e7e346508eefa07a39ddf8f97efdf1a2d1a26cba127199640afe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C074FCE32522E7E346508EEFA07A39DDF8F97EFDF1A2D1A26CBA127199640AFE"
Last-Modified: Fri, 24 Mar 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13986
Expires: Fri, 24 Mar 2023 16:47:34 GMT
Date: Fri, 24 Mar 2023 12:54:28 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 12:14:33 GMT
age: 2395
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash18b877ebbad1529e4bd91e12220d91c4 a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc 7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2185
Expires: Fri, 24 Mar 2023 13:30:54 GMT
Date: Fri, 24 Mar 2023 12:54:29 GMT
Connection: keep-alive
|
|
| ujslqoygli.duckdns.org/static/au_order/common1.css | 45.82.249.101 | 200 OK | 297 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/common1.css IP45.82.249.101:0
File typeASCII text, with CRLF, LF line terminators Hashe7747efc8e18c6821fe0db00205d7055 4d445d9637714edc0ac98addbf15b44f74e2ccf0 794faba0f02ad0e41635aa0d230de01811c967c10272f39c8ce05af1bb7aac78
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/common1.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
content-length: 297
last-modified: Wed, 15 Jun 2022 08:36:22 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 44.227.109.32 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP44.227.109.32:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /jlN3V1F9td5kNSwHov4gQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V3ble5toXoSY8c/9VdVhL0MZXbE=
|
|
| ujslqoygli.duckdns.org/static/au_order/css/bootstrap-mini.css | 45.82.249.101 | 200 OK | 3.2 kB |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/bootstrap-mini.css IP45.82.249.101:0
Hash19bf9d62c8487fa176f69f669e88f17e d97a181ed40b896027a3b7ced98db6ff535da57a 93566556cda127c9c8d908717e04885e2085648c425a628c0932bf2bb5519854
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/bootstrap-mini.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/hyahoo/model/common.css | 45.82.249.101 | 200 OK | 899 B |
URL HTTP/2ujslqoygli.duckdns.org/static/hyahoo/model/common.css IP45.82.249.101:0
File typeassembler source, ASCII text, with CRLF line terminators Hash54e1a6b67454ad54a93396e16208b7df 2271251393876e1662d5a0d08654d86132c0d2dc 70fe796ea3872a4f96dc3603b7b4e26fef3415acd88d5667ceca0e00bb444d64
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hyahoo/model/common.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
content-length: 899
last-modified: Tue, 21 Jun 2022 09:32:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/styles1.css | 45.82.249.101 | 200 OK | 224 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/styles1.css IP45.82.249.101:0
Hashc605b424176e2b3541570e9ebd66830b 742f776e24d609ac28b81fa32db0accd2b1c775f 2529e6744614421fbd4dbeaacc8d5dcda829fb233eb8cee1d45cb6f1bafbec80
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/styles1.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
content-length: 224
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/line_vk/model.css | 45.82.249.101 | 200 OK | 1.8 kB |
URL HTTP/2ujslqoygli.duckdns.org/static/line_vk/model.css IP45.82.249.101:0
Hashe3c34e520295811c23d77a2a66513136 7fff88b60bc11a999738aae43c39556f66ea0728 5d89f8ba51e42d2c892092172460f2574e809b18f5d8b3f566e22c5f5808be2c
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/line_vk/model.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Sat, 18 Jun 2022 12:54:30 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/images/addbtn.png | 45.82.249.101 | 200 OK | 1.8 kB |
URL HTTP/2ujslqoygli.duckdns.org/static/images/addbtn.png IP45.82.249.101:0
File typePNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data Hash096260c380940a324f8c54a213767bc2 0524bdeb61878e31c86c768155b3c8dc2a089e32 49847668da37879eb6a402f633bb0b55e33f92de4e64e159fcfeef9e3a1e34b4
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/images/addbtn.png HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: image/png
content-length: 1849
last-modified: Wed, 15 Jun 2022 08:28:34 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/hyahoo/model/circle_icon.png | 45.82.249.101 | 200 OK | 3.6 kB |
URL HTTP/2ujslqoygli.duckdns.org/static/hyahoo/model/circle_icon.png IP45.82.249.101:0
File typePNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced\012- data Hash6bcdd355211ea388a87413d974ebe7a8 42aba13f710545481e2771d8493db5d1cd9a949a d316f7ba5748503fdeae7f6fbfd9d43ca14dc359908292ea53c961577e0ec61c
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hyahoo/model/circle_icon.png HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: image/png
content-length: 3579
last-modified: Tue, 21 Jun 2022 07:16:48 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.20.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP104.18.20.226:0
Hash495445dd090124ca8f8777177639c6d9 6e69b3b876593f3b21b7481f97f0f51657d8e71d dcf7a4f790260164a1291c320a342cad0a3844777a6f688a683412dddb8ac186
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:54:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 28 Mar 2023 11:04:19 GMT
ETag: "6e69b3b876593f3b21b7481f97f0f51657d8e71d"
Last-Modified: Fri, 24 Mar 2023 11:04:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3475
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7acf10294950b4eb-OSL
|
|
| vpc.lifecard.co.jp/img/buy/conv_pay_seven8.jpg | 45.60.33.107 | 200 OK | 20 kB |
URL HTTP/2vpc.lifecard.co.jp/img/buy/conv_pay_seven8.jpg IP45.60.33.107:0
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 320x148, components 3\012- data Hash3e3430a89ac5fc28bb87b185339c1e65 439df1fdef4142e72ab9ce8edd616cdc0d703bc2 92a1133138f8025d9e3952e7a9c66feb1857f75621d02a1c79d478df2996b1d4
GET /img/buy/conv_pay_seven8.jpg HTTP/1.1
Host: vpc.lifecard.co.jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 20532
x-amz-id-2: r66GCIPwLlVZJHl/pB+Wrixr0gy3XslnmHg6NFGuBReochEQLkhWUxdE1GaNoERjvUtlAkn3UcQ=
x-amz-request-id: Z0JAZ4DQNYGSZP06
last-modified: Thu, 19 Aug 2021 03:36:25 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 24 Mar 2023 12:54:31 GMT
etag: "3e3430a89ac5fc28bb87b185339c1e65"
x-cache: RefreshHit from cloudfront
via: 1.1 3f25be8570bf62f8d4607f79984fccec.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: emt9gTU2kYYropgGaS5-8fD7kF7PjczV-CVkKTVzxJAb1Z0aOb_wiA==
set-cookie: visid_incap_2644937=+dkwoKlfR3GREH6QzgIJroWdHWQAAAAAQUIPAAAAAABYdPC8hBG1+nCo8dCQPt+/; expires=Fri, 22 Mar 2024 22:29:15 GMT; HttpOnly; path=/; Domain=.lifecard.co.jp
nlbi_2644937=wwyVKKfCSRfcznpF1woipQAAAADBHjYQjavqUA+cDhN9+vrF; path=/; Domain=.lifecard.co.jp
incap_ses_275_2644937=DinmIJaQ6Uv9oiMDp//QA4WdHWQAAAAAhCBuekLd4wZcvd9rhfwP3Q==; path=/; Domain=.lifecard.co.jp
x-cdn: Imperva
x-iinfo: 13-34826373-34826379 NNNN CT(0 4 0) RT(1679662468701 15) q(0 0 0 -1) r(0 11) U24
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb62c9b9530dd66bb7f03ba2ce3d835da bf8560766de78dd925e395f59610ab2f1335e565 62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4789
Expires: Fri, 24 Mar 2023 14:14:19 GMT
Date: Fri, 24 Mar 2023 12:54:30 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb62c9b9530dd66bb7f03ba2ce3d835da bf8560766de78dd925e395f59610ab2f1335e565 62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4789
Expires: Fri, 24 Mar 2023 14:14:19 GMT
Date: Fri, 24 Mar 2023 12:54:30 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb62c9b9530dd66bb7f03ba2ce3d835da bf8560766de78dd925e395f59610ab2f1335e565 62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4789
Expires: Fri, 24 Mar 2023 14:14:19 GMT
Date: Fri, 24 Mar 2023 12:54:30 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg | 34.120.237.76 | 200 OK | 4.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash85351059b67b0a42eda7e69a31b3b4b4 b798268806dc2f79f033e5872676019faf0e0cc1 86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vOBDFA2LzOIp_0dMXApotrithfiToWtpM2xMRyx1pWAE86olKT6EpQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 02:36:43 GMT
age: 37067
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg | 34.120.237.76 | 200 OK | 7.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash9bb55b1044454d0db2324a4af956cd51 5aa34545aa2274453b301c74a083034273177cbd fb7fa8b91ff7374ac6be2df05e1e98194f2adf3ce728b02a66323993145975ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7405
x-amzn-requestid: 9865b715-ff9b-498d-95b3-c728fd3430be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt7E46oAMF1Fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-78b66faf317a7aaf689de782;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: EI1picNm6z4XmZxnCmqbdZv4ok9AqXNvYGy8CtENrRkWLuuLUuETlg==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
etag: "5aa34545aa2274453b301c74a083034273177cbd"
content-type: image/jpeg
age: 54671
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg | 34.120.237.76 | 200 OK | 4.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashf46d765cbcbbcd9707a21eec12d80002 d9bab36f53de76263a67bc34364e33bed28d35cd 772e85ac55db0fc3ca75329e0197c7caeff466e90b5cf85df7ccb44a85a253f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4438
x-amzn-requestid: ce3cbb97-2a19-4499-8ab7-18cf5f99b5ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK85SG3_oAMFQcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa83b-2750db5d028ac4ac54a865f8;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: s3be2clZAQ4R0f442UhQKzqwRKV4cO9mRaWArwIGHl42yU7N2JG36Q==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 13:45:06 GMT
age: 83364
etag: "d9bab36f53de76263a67bc34364e33bed28d35cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg | 34.120.237.76 | 200 OK | 6.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashd733019c5326d4617096c74ae22fdffd 72bc0b2a19ca257ac974460f81af47fcfa2fee24 6746fcedbf4aad5c94582162e343d160fdc7d127bae807d1a97a9d7a231c9a70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: bf32e1c8-cac1-4f04-abe6-fba2e9e824f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK89vHbyoAMFc7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa857-5d84ed861375c4ba04a2ae30;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:51 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 60VbucTVJnuo0rLzrTvbdbQOIMQmhDMQT8st-Y49_plnM_akqw_V4w==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 04:01:18 GMT
age: 31992
etag: "72bc0b2a19ca257ac974460f81af47fcfa2fee24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png | 34.120.237.76 | 200 OK | 7.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc37bd8ec8ce9f45025fa76a31f60c68e 61ebc4cf54dd3ea145304f75ff199c4e0252906e 2c15447add79e494ffa5002cd0037ad8ffb154074fced77f2169a44c0340c75f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7600
x-amzn-requestid: ed7adb8b-5aa9-45b8-bc46-bdb716b95c4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQP4OHu8IAMFY6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc69a-46199f6b296939d662f19933;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:37:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: LP06Tcwj6aCuEqQXcE7oWBFpo88Ewh3PPSnFfwjecq7ejw9Mtfij8w==
via: 1.1 0a166b53605851fe961f5a2952e5a748.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:46:58 GMT
etag: "61ebc4cf54dd3ea145304f75ff199c4e0252906e"
content-type: image/jpeg
age: 54452
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash04db6085e8ec938c1385fb33b32ae036 0f173b8971723ec380a9610b3dda8f64890f6f37 873d5942c34057339f7a9c53a9d4cdc3a0b82f01223f851898da0ebbe0a628bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7482
x-amzn-requestid: 843e4bba-1550-44c4-be10-dd333148f83d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHxFuuIAMFvmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-03f5d2675850409e70748490;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i3f56KYdhzWqiBtE9-vSMBC17mWa0qZfxQb3AmHcNvApYKse8O3DdQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:56:06 GMT
age: 53904
etag: "0f173b8971723ec380a9610b3dda8f64890f6f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/js/jquery.cookie.js | 45.82.249.101 | 200 OK | 1.4 kB |
URL HTTP/2ujslqoygli.duckdns.org/static/js/jquery.cookie.js IP45.82.249.101:0
Hash4cd3995bf9a06595ba9f10c4e930daa8 0aa715c082f5a12174f0f827372e3aa5fe2116bf 5c6855225fbc78fdbadc7416c2e16b5bcd449424098a6d69c583d0a396ca479e
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/reset.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/reset.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/reset.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/line_vk/css/yahoo_main.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/line_vk/css/yahoo_main.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/line_vk/css/yahoo_main.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 21 Jun 2022 06:50:58 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/style.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/style.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/style.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/style2.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/style2.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/style2.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/main.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/main.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/main.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/js/2.js | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/js/2.js IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/2.js HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 08:03:13 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/js/jquery.loadmask.min.js | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/js/jquery.loadmask.min.js IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.loadmask.min.js HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/new1.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/new1.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/new1.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 20 Jul 2022 08:12:58 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/au_order/css/new.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/au_order/css/new.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/au_order/css/new.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/favicon.ico | 45.82.249.101 | 404 Not Found | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/favicon.ico IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /favicon.ico HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f; __tins__21569861=%7B%22sid%22%3A%201679662480129%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679664280129%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 24 Mar 2023 12:54:30 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/ | 45.82.249.101 | 200 OK | 0 B |
IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=8dedf681bff935a4d2e49c875476950f; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/css/jquery.loadmask.css | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/css/jquery.loadmask.css IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/css/jquery.loadmask.css HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:44 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ujslqoygli.duckdns.org/static/js/jquery-3.3.1.min.js | 45.82.249.101 | 200 OK | 0 B |
URL HTTP/2ujslqoygli.duckdns.org/static/js/jquery-3.3.1.min.js IP45.82.249.101:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: ujslqoygli.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujslqoygli.duckdns.org/
Cookie: sessionid=8dedf681bff935a4d2e49c875476950f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:54:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 23 Apr 2023 12:54:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|