r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18009
Expires: Tue, 07 Feb 2023 18:54:37 GMT
Date: Tue, 07 Feb 2023 13:54:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6159
Expires: Tue, 07 Feb 2023 15:37:07 GMT
Date: Tue, 07 Feb 2023 13:54:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 13:36:31 GMT
content-type: application/json
age: 1077
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13807
Expires: Tue, 07 Feb 2023 17:44:35 GMT
Date: Tue, 07 Feb 2023 13:54:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qINWletOmXsL6XgkQVoNOvwNt8QrDvCBQoDlpCySv+9PVU7RybsYtuJ01p+nburJuKDmLacKrXE=
x-amz-request-id: QD7QE55GWHXEDDZ9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 13:35:32 GMT
age: 1136
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 13:54:28 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
b0arescured-auth.duckdns.org/login.php
164.92.84.161 200 OK 45 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/login.php
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (3816)
Hash ea57856f9f776426f4774c2c10a191e2
60058d84d9a595b38822d83ae7ff3552a9befabe
c81ef41276e7df07b275db2dfd2c1503e57e53b1a50acb3b7f205f87597f461a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET PHISHING Possible Phish - Saved Website Comment Observed
suricata medium ET PHISHING Cloned Website Phishing Landing - Saved Website Comment Observed
suricata medium ET PHISHING Bank of America Phishing Landing Aug 19 2015
suricata medium ET PHISHING Cloned Bank of America Page - Possible Phishing Landing M3
GET /login.php HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
b0arescured-auth.duckdns.org/assets/jquery-migrate-custom.js.download
164.92.84.161 200 OK 10 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/jquery-migrate-custom.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
Hash bedff910fdc85bf57f5b28ac6f9474ac
8752dc091a7c0d60fa1b98dd2d589d89925a2948
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/jquery-migrate-custom.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 10067
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 13:14:52 GMT
age: 2377
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
b0arescured-auth.duckdns.org/assets/cc.go
164.92.84.161 200 OK 30 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/cc.go
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (4761)
Hash 744146f6eecec2aac15a13123b714894
83c8ece05ad6a2e542a19856e85b81e75df04efd
b550b0368c11c91f78ebeb90da80fc05316b8ae088c3474ad06ed98fae938a4f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/cc.go HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 30015
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15642
Expires: Tue, 07 Feb 2023 18:15:11 GMT
Date: Tue, 07 Feb 2023 13:54:29 GMT
Connection: keep-alive
b0arescured-auth.duckdns.org/assets/dis4.js.download
164.92.84.161 200 OK 66 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/dis4.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8d3e68b8d1ddbfd43e7e42910debd987
9821bfc4edb315ab6e891787c26ff84e8b119d8d
254f60b1f39115885b9af83ac9c174005fb2d226a93c518890a31f9b64e6ae4d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/dis4.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 65999
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/creanza.js.download
164.92.84.161 200 OK 68 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/creanza.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4cff2a0fe8e2a5722823ba9d3b2cace3
900a129bb30cee0dd23ff395a88d7df9ce3dd043
8b0618969f69f68742b2842b3c37f2cab542a3d20146fe29ab80b4236fc3f4be
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/creanza.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 68460
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/porte.js.download
164.92.84.161 200 OK 96 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/porte.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash 064e2a5b0f8a4832e56b0c6fa3e8fda4
c67ca6917818a8d9f0019a1ddd3ae93ab22bc9b9
728b982dfb3ee646aca645692e0468b8baa22c1571bde1055fe2b950a6a9dfbb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/porte.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 95615
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/kurt.js.download
164.92.84.161 200 OK 104 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/kurt.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (104156 bytes)
Hash e4d374c19a845affe147ce882bb82e44
2df4ee1b40593d9c0f14e76665b04029c25917a7
5347fb2c42d6b59463a472716a4689a5c56e5eaddb4182228230e9df4a6fe232
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/kurt.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 104156
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/avt
164.92.84.161 200 OK 71 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/avt
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash 6e12a6d1251b8267e7dd6542523c76d8
202fd9bfed5190fc099eecc94b047af75f7d80a2
f5315bac0038842abe6114ccc0f90722cbe0030960cdaeff189906b0df731a75
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/avt HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 71
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
push.services.mozilla.com/
52.40.156.208 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.40.156.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fB9ea0oXFZwlvqRuuhPvUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nAhb+1pfOHVA27BOk770JnFgj9E=
b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
164.92.84.161 200 OK 457 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 457 kB (457347 bytes)
Hash 4235277c454a9944dbdda3f6a3583ff4
1bbd7abc0dffaeb22091d8dc1cabb6ccb2b77ff5
3e83083bfbd6c5b1c882ed14adcf21e9d89eb8530a3d09e9c598232e2f333d89
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/vipaa-v4-jawr.css HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 457347
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
b0arescured-auth.duckdns.org/assets/pHAQ
164.92.84.161 200 OK 169 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/pHAQ
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash cf827cb370b0d1cd70602febfdbc3be3
c534037b7221a62bd172aa4ce241fa9cb62f496f
ae53abd4087cf62d92d3c7bdd8b140e4bb439404d48ca7bd339943e57b59fa58
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/pHAQ HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 169
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
b0arescured-auth.duckdns.org/assets/C5ib
164.92.84.161 200 OK 158 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/C5ib
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash 22255c1e6a77e7e7e23f467de4e7ad3b
96a3135a29fcd80b99bb013efd256bbba14f1b9f
06d26e6fc22888fb3dfe7a84035f49be74db7a27d4dd862a3bd0d35acc38a231
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/C5ib HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 158
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
b0arescured-auth.duckdns.org/assets/C5ib(1)
164.92.84.161 200 OK 158 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/C5ib(1)
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash a338fbf8ed00f1fa80376fa8f3d69209
fd7319f32a9192e39e08186360057acae89616bc
ceb0a502a685e83418be6c52286a6bcb8d302c0794b6b22f01310cb70f006724
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/C5ib(1) HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 158
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
b0arescured-auth.duckdns.org/assets/callsign.js.download
164.92.84.161 200 OK 1.6 MB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/callsign.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 1.6 MB (1595017 bytes)
Hash 89aeca1ec54193227a5654178e00a81d
5595acbe40881cbd386df7c0d29a3f0abcf49adf
9e2273383e3ff624ab1b108fed720344188649c5ec425da9d4e67c6ae7ed76f5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/callsign.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:28 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:30 GMT
Accept-Ranges: bytes
Content-Length: 1595017
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/online-id-vipaa-module-enter-skin.js.download
164.92.84.161 200 OK 51 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/online-id-vipaa-module-enter-skin.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
Hash 41604eb9f8714943b027b06afb8f0836
3852bf0b4b11b87d4a9e8c19edad6adde32e48c1
1c6b0ff89dd07b35d40a64ff3878ae8aa1e3e3ac23b7d23b421906bea4a6304f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/online-id-vipaa-module-enter-skin.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 50755
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/cm-jawr.js.download
164.92.84.161 200 OK 42 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/cm-jawr.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (42027), with no line terminators
Hash 48bd15dcb4c7045c72a2051ee85d1636
a6d4ba03db3402a0d1b82f809fbbea9ad4d0f109
e49851a126b4eac23416ee43bc11329b8cf2a857018e030191c4b649a975fb61
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/cm-jawr.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:30 GMT
Accept-Ranges: bytes
Content-Length: 42027
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/532e636f.js.download
164.92.84.161 200 OK 758 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/532e636f.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 758 kB (758221 bytes)
Hash 6f81200d1b4a42edbd75883ed85976ac
ff3193df132d15d196e7e2e44c1000f4ce8e9f44
a994e229a73078e380f15ce19e196f8b06b59cdb4aa5dd4fe30ddf528ad42e69
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/532e636f.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 758221
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/hover.js.download
164.92.84.161 200 OK 67 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/hover.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash e8aa3134337614a80e9c403ab27314d0
84659ecfab2d566bd651cbd2027b434b1b08bdf8
65b38b9f4c72bdaba8c94999ee99baeefa37b2e2ba4dc81037208e21568b0c54
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/hover.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 67125
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.js.download
164.92.84.161 200 OK 1.6 MB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.js.download
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65451)
Size 1.6 MB (1556199 bytes)
Hash 5bdfced62c43e454732cbe43947c4792
6aa67085eb5518b87ff58df9cc533036d54a1b2d
3222ae2b1a2e64fbf2c132ba664ef5df2d6aba8120873fc4b857a7555f2bc1bf
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/vipaa-v4-jawr.js.download HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:29 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 1556199
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9810
Expires: Tue, 07 Feb 2023 16:38:00 GMT
Date: Tue, 07 Feb 2023 13:54:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9810
Expires: Tue, 07 Feb 2023 16:38:00 GMT
Date: Tue, 07 Feb 2023 13:54:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9810
Expires: Tue, 07 Feb 2023 16:38:00 GMT
Date: Tue, 07 Feb 2023 13:54:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9810
Expires: Tue, 07 Feb 2023 16:38:00 GMT
Date: Tue, 07 Feb 2023 13:54:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9810
Expires: Tue, 07 Feb 2023 16:38:00 GMT
Date: Tue, 07 Feb 2023 13:54:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash eedb4de12585c70ddb5b8f94fe6a59e2
83c9437e71a0a03b3e8ff652155a85eafa76cdda
d4493a30f62e9ad224b3595ba3af8a322e2d4a3d9238a1847973f962bdcc0c82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4227
x-amzn-requestid: b45f2ab7-0102-4542-9514-54fb93a0e27f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77sTH4jIAMFnsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1731b-4a24bcb1102e58543cd81343;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ovhdLaEGaDSC8X0F9VamLw0KyBPWkxfYg5pssOT8NOZP4IBtNk6Gfw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:19 GMT
etag: "83c9437e71a0a03b3e8ff652155a85eafa76cdda"
content-type: image/jpeg
age: 57551
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 59419fb1cf4689bed183d0e9a6aed782
47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a
e6009407bd61bee1ae16ec30ea5914be77c56ee65dfb30595b10a1cedc6798c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12682
x-amzn-requestid: d858d90a-b1ca-401c-8e00-8ccd9c0a7504
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f78mUEsfIAMFreg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1748e-2783de3e3de9c520246bf06e;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:43:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _D5bI_flPN8fUn6aTGqO76FRSDwwC379nkVCBptmZkALErIVFCZfpA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:19 GMT
age: 57551
etag: "47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 75b0935816ca54d5d20a9fffa5531e0d
bd8374980c16b7d5a28e55b8bef2215713b1ebb2
4ab6f49d22d029681754b617001f93467d63035acdaf12905c2314cab77991af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13390
x-amzn-requestid: e7653b49-3160-42e3-8292-8ae32604f775
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpc8KEoPoAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da0eb4-68fd76a95ffa656318bedff6;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 07:03:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KaitXsesZ9mJducJ54ChzQGfb-2-hEN4W_QojGMKXYEji4xsjNdWCA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 09:07:41 GMT
age: 17209
etag: "bd8374980c16b7d5a28e55b8bef2215713b1ebb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr-print.css
164.92.84.161 200 OK 10 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr-print.css
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (9953), with no line terminators
Hash a2af793292866b502045f42be5fc997c
088f20867c1ff4931bf7917ab47e6940f7dfe493
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/vipaa-v4-jawr-print.css HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:30 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:26 GMT
Accept-Ranges: bytes
Content-Length: 9953
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 04:57:37 GMT
age: 32213
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d29e7077f69b88a0108efeb7a2efe7e9
1958f83edeb8c6b68f17cead3fb5714f44e619eb
371f02a5b36ac3e52cc6c4e78f0980107a0f92105e79ee53278089ae5ff6de93
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10788
x-amzn-requestid: 8e1c8026-1eea-4eb0-810e-7ea43ed11f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyymWEsSoAMFykg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddcaf5-20fc23b535fa86f56a34fbae;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 03:03:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nb86Kj6pqD3DFzCeTNtTGNXsNfHLvu4kgYq6qmhu2Ygya462lBl0lg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 05:13:55 GMT
age: 31235
etag: "1958f83edeb8c6b68f17cead3fb5714f44e619eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:19 GMT
age: 57551
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b0arescured-auth.duckdns.org/assets/BofA_rgb.png
164.92.84.161 200 OK 39 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/BofA_rgb.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1520 x 170, 8-bit/color RGBA, non-interlaced; data
Hash 49bc9262c4a31f1ee2ca2dd5e1dc8588
5b145ba3666ffa9eded453160010567ccc24e8cc
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/BofA_rgb.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:30 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 39422
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
b0arescured-auth.duckdns.org/assets/mobile_llama.png
164.92.84.161 200 OK 19 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/mobile_llama.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 298 x 416, 8-bit colormap, non-interlaced; data
Hash 178098b4327cb4e5407e4a69c8cd2d18
0be208356ff56bea3794ed175f3682c2b0701415
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/mobile_llama.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:30 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:30 GMT
Accept-Ranges: bytes
Content-Length: 19167
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f7e44d5fc95f5c12585fb3df05da62bb
26d68330342381157a56fcb6a1e9f531d729f49e
2eed3537cedcbfe958e68d26cc439cb2e2a375abc55e5c4dbd28bf8f5a7b98f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2883
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 13:54:30 GMT
Last-Modified: Tue, 07 Feb 2023 13:06:27 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2
52.31.164.85 200 OK 104 B URL HTTP/1.1 dpm.demdex.net/id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2
IP 52.31.164.85:0
File type JSON data; ASCII text, with no line terminators
Hash 90a8ce4aa172e4b63430c93639257805
d30e7b2034df83180b28f024556a5534dce531c3
093ac6be731cba244fff837ea4fa57ab36e1fde5a5a53d9b36a467184eae87f5
GET /id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://b0arescured-auth.duckdns.org
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://b0arescured-auth.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 198
X-TID: hAhvBJdHQIw=
Content-Length: 104
Connection: keep-alive
b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/sign-in-sprite.png
164.92.84.161 404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/sign-in-sprite.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/global-assets/1.0/graphic/sign-in-sprite.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png
164.92.84.161 404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff
164.92.84.161 404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png
164.92.84.161 404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png
164.92.84.161 404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/assets/saved_resource.html
164.92.84.161 200 OK 22 kB URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/saved_resource.html
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text, with very long lines (21791)
Hash e0e69fb50acb94fcdae6f3483d4d52b9
ea8aa87e8c474b15af1da41c44e15ec88a6c1cd6
5e4823a7ee724c2bcb07c61331ac7578765f3251b750332c26ae0e4651ca09c4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/saved_resource.html HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:30 GMT
Accept-Ranges: bytes
Content-Length: 22483
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
b0arescured-auth.duckdns.org/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash cf6a677fd36d498a35e205931a503340
fa5d570e20042ca4d92edd772fc3ddcb22e99f60
a8f483303ca478033c179d5b7b240a384470ed7bcaae87d15759af63dc867516
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "A8F483303CA478033C179D5B7B240A384470ED7BCAAE87D15759AF63DC867516"
Last-Modified: Tue, 07 Feb 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3352
Expires: Tue, 07 Feb 2023 14:50:23 GMT
Date: Tue, 07 Feb 2023 13:54:31 GMT
Connection: keep-alive
b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/msg-icon-sprite-fsd.png
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/msg-icon-sprite-fsd.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/global-assets/1.0/graphic/msg-icon-sprite-fsd.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/close-button-fsd.png
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/pa/global-assets/1.0/graphic/close-button-fsd.png
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /pa/global-assets/1.0/graphic/close-button-fsd.png HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/assets/vipaa-v4-jawr.css
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 9e90346b4d41d02bc1c599b34a33827b
966df60c5f588324f785b344fb1333f0af242dfa
796a9508ccc4bf0a10e5cfd30b5421bacad44703c1d864da48c0c8c263fde040
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "796A9508CCC4BF0A10E5CFD30B5421BACAD44703C1D864DA48C0C8C263FDE040"
Last-Modified: Tue, 07 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3423
Expires: Tue, 07 Feb 2023 14:51:34 GMT
Date: Tue, 07 Feb 2023 13:54:31 GMT
Connection: keep-alive
rail.bankofamerica.com/30306/hover.js?dt=login&r=0.23573126806926303
44.207.190.2403 Forbidden 146 B URL HTTP/1.1 rail.bankofamerica.com/30306/hover.js?dt=login&r=0.23573126806926303
IP 44.207.190.2:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
GET /30306/hover.js?dt=login&r=0.23573126806926303 HTTP/1.1
Host: rail.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
HTTP/1.1 403 Forbidden
Date: Tue, 07 Feb 2023 13:54:31 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
Server: haile
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie
52.247.36.244200 OK 2.0 kB URL HTTP/2 bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie
IP 52.247.36.244:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data; Unicode text, UTF-8 text, with very long lines (2036), with no line terminators
Hash b63eb24bc79591231744cde5792e37e8
7a213e670fcd836e398f8863c472f30f334a22a4
b6aa571604381daac5ae9010d0b8d6618b9a157440f678b6840c7dcff892d8ac
POST /client/v3.1/web/wup?cid=barbie HTTP/1.1
Host: bup.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://b0arescured-auth.duckdns.org
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 2040
date: Tue, 07 Feb 2023 13:54:31 GMT
server: uvicorn
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: f724b9d2-73ac-4fa0-96e8-3c7ad83bffc8
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
X-Firefox-Spdy: h2
testdata.coremetrics.com/cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php
54.144.151.173302 Found 0 B URL HTTP/1.1 testdata.coremetrics.com/cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php
IP 54.144.151.173:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php HTTP/1.1
Host: testdata.coremetrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Vary: Host
Set-Cookie: CoreID6=83071675778072090970753; path=/; expires=Sat, 06 Feb 2038 13:54:32 GMT
TestSess3=83071675778072090970753;path=/
Location: /cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php&cvdone=p
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Content-Length: 0
Connection: close
b0arescured-auth.duckdns.org/login/sign-in/cc.go
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/login/sign-in/cc.go
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /login/sign-in/cc.go HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/login/rest/sas/sparta/v2/iac?dfp=true&_=1675778120662
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/login/rest/sas/sparta/v2/iac?dfp=true&_=1675778120662
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /login/rest/sas/sparta/v2/iac?dfp=true&_=1675778120662 HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/json
cache-control: no-cache
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
testdata.coremetrics.com/cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php&cvdone=p
54.144.151.173200 OK 43 B URL HTTP/1.1 testdata.coremetrics.com/cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php&cvdone=p
IP 54.144.151.173:0
File type GIF image data, version 89a, 1 x 1; data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /cm?tid=6&ci=60010394&vn2=e4.0&st=1675778121018&vn1=4.2.7.1BOA&ec=UTF-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1675779509436&pc=Y&jv=1.5&je=n&sw=1280&sh=1024&pd=24&tz=0&ul=http%3A//b0arescured-auth.duckdns.org/login.php&cvdone=p HTTP/1.1
Host: testdata.coremetrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://b0arescured-auth.duckdns.org/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Vary: Host
Expires: Mon, 06 Feb 2023 13:54:32 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Length: 43
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Connection: close
Content-Type: image/gif
b0arescured-auth.duckdns.org/assets/pHAQ?d=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&cid=15%2C28&si=2&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&c=erulbxgnyreegivn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
164.92.84.161200 OK 169 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/pHAQ?d=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&cid=15%2C28&si=2&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&c=erulbxgnyreegivn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash cf827cb370b0d1cd70602febfdbc3be3
c534037b7221a62bd172aa4ce241fa9cb62f496f
ae53abd4087cf62d92d3c7bdd8b140e4bb439404d48ca7bd339943e57b59fa58
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /assets/pHAQ?d=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&cid=15%2C28&si=2&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&c=erulbxgnyreegivn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 169
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
b0arescured-auth.duckdns.org/assets/C5ib?d=ZW5jZEBUUG03TXpqVXJxV0poYm50ZGVpaW0xTk1VbklwL0hWaHpkK0UrcGVMUWszSE40VjZBb3BsMC9WK2dCNVVxcEtGWDVGNnhoSGx2c29SYjJWZHJBc0ovQTVGeWN1QjRvcVg3KzM3SHhtcUlzTnhYTitwYy9idE9TZ1hhandMSS84WTN6S3E5cThuTVJoVVlIM1ZKSC8rRVZzV0RjclFxRVJEUnk5VC85OHNOL05rc1UvWUxNZ1grSFREV2N6bUhtUU5pKzRhcEdmeHM3aWFZeWZaMmMrT25Lb2U2b0ZxaUxEWU8vOFlrMDhPc0U3R1lhRW5FTUtaQkhzTVpmTHk0YWJNT1lTUzZQb1Q4QjFuWTJmRWxRZkt2RTNLRnc2Vi9hdkN2bmdvVGM5WVovT0dUVVRIbXU0Q1Z5NWJEdDJxd1B1cmlIdTZjdHpyWU1ZNjNMTk16WDZ1UFJCaUk2ZlNicGZra3ZHVWpGQ29aQzVieFJVWWh2eWJUbnNySm5LZVFJTFZPckhjVVp1d09EWE40OElNdUd0dDY5Wm5vcEFHQlR6S3hZWTEyRXFVOGRXRk01a0srSTB0NU5ITG9DRnU2VGI4Ui9QZlE4QmY0WXRYS1JhZmpadzkxaFF0VWVIMXNZb091QlE4WXhGbmtaVjNxYXRwc3p1WkphQnY2MUdoRlA0ekNLS2p0OWRsbVV1TGduaHRDcnFvWE1oOFRMSkI1YmM1b1pGZzc1NEdxMjR1YnV3a2UwNEJYMkc4cm1xZm02TmJOZTRkbUpFbGhUZGd8YWVlNTE1MDZmMWU4ZWVjMWI3ZmIwYzllMzVhOTExMTI1MjY2MDVhZDg2ODRlNjEzZDUxZWMxYWMwNzI0YjgxY2Q2MDcxZjRiY2MzNjIzMjI5ZDJjODcyZDM2MTA2MWQ4MDEzZTRlNGJjNGI2N2JjMjA5YzM4NTZhY2VjMzNhZDZhM2YyZjAxYTUzYjRkNjI2ZTQxMzUwOTUxNGE1YjA3YmQ2ZjBkOWM4YzBkNTgxYmZiMTk1OGZkM2U2NGRlYWUzMTU3MWMwYmRmNjNlOTkxMjRmZThkYzVmNTU1ZDRhMGQxNjhjODA0OTZiZGVhOGQ0NzcxYTllN2IxYWJlNTk2MDdmMGNmODU2YWQzMzc5ODQ3MDA3OTY4ZTM5OTAxZTZkNDI4NGI0ZTc3OThjMGE3ZjM0OTQzNzczZGI1MTIyNjMwZDUwZmNiNzAyOTE5YTI0ZjZlNThjODczOTMwZDgxNzE0OWUzMWNhODI2YzE4MWQyODQxNDRkNzlhOTA2MmRiYTcyOWVkZmRkYjQ2ZGExMGE0NzhmOWViMjBhNTkyNzEzYzE2NmJjNTI0NGYzMmNkNzJiYTEwYmU4Y2M4YWI1YWY4OWI1NzFhZTliZTc0MTdmY2U4MTQzNDhkMDhkZjVhNjFjNGYwMTY2MjE2YWYxMWU0NGZiNTdiM2U4YmFhYTF8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C8&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&
c=v_wwpoi_azcbclhn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
164.92.84.161200 OK 158 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/C5ib?d=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%3D%3D&cid=15%2C8&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&c=v_wwpoi_azcbclhn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash 22255c1e6a77e7e7e23f467de4e7ad3b
96a3135a29fcd80b99bb013efd256bbba14f1b9f
06d26e6fc22888fb3dfe7a84035f49be74db7a27d4dd862a3bd0d35acc38a231
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /assets/C5ib?d=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%3D%3D&cid=15%2C8&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=jsonp&c=v_wwpoi_azcbclhn&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 158
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
b0arescured-auth.duckdns.org/assets/ugateway.html?si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250965455
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/ugateway.html?si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250965455
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /assets/ugateway.html?si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250965455 HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh; __gdic=ldub0yrsoh1nhd129
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
b0arescured-auth.duckdns.org/assets/uipaddress.html/discovercard.com/dfs/accounthome/summary/www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/https://snsbank.nl/mijnsns/secure/login/?cid=5&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812251231283
164.92.84.161404 Not Found 315 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/uipaddress.html/discovercard.com/dfs/accounthome/summary/www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/https://snsbank.nl/mijnsns/secure/login/?cid=5&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812251231283
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /assets/uipaddress.html/discovercard.com/dfs/accounthome/summary/www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/https://snsbank.nl/mijnsns/secure/login/?cid=5&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=xframe&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812251231283 HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh; __gdic=ldub0yrsoh1nhd129
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
awuseb.advanced-web-analytics.com/assets/nuadke.html?e=http%3A%2F%2Fb0arescured-auth.duckdns.org&es=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&re=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250591725
54.230.111.115 200 OK 0 B URL HTTP/1.1 awuseb.advanced-web-analytics.com/assets/nuadke.html?e=http%3A%2F%2Fb0arescured-auth.duckdns.org&es=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&re=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250591725
IP 54.230.111.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/nuadke.html?e=http%3A%2F%2Fb0arescured-auth.duckdns.org&es=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&re=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php&icid=167577812250591725 HTTP/1.1
Host: awuseb.advanced-web-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Tue, 07 Feb 2023 13:54:32 GMT
Server: haile
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MfKmQCFbzGWyfO-lEDqI-dJrrG4lWM4qRFWVXaoANhQvwlHLY9DNpg==
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash f2b0d71dc78031642fc5a2b4dc128394
b585f281e933f182386b27c62ca34bcdfac244fd
ca55084a2217123bdf961795c9b55685b9c57670ef7cdd681957ab7f78c78a20
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA55084A2217123BDF961795C9B55685B9C57670EF7CDD681957AB7F78C78A20"
Last-Modified: Tue, 07 Feb 2023 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3496
Expires: Tue, 07 Feb 2023 14:52:49 GMT
Date: Tue, 07 Feb 2023 13:54:33 GMT
Connection: keep-alive
bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie
52.247.36.244 200 OK 2.0 kB URL HTTP/2 bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie
IP 52.247.36.244:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data, Unicode text, UTF-8 text, with very long lines (2036), with no line terminators
Hash 30a2a1e70bac10756edb56c245543225
0521c31965668a3a7d5b86a719a88f21472dbd52
6bdf831d4a791277377807b4f22ac3e48dd4a3d77a3aa747304bc063e85e5173
POST /client/v3.1/web/wup?cid=barbie HTTP/1.1
Host: bup.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://b0arescured-auth.duckdns.org
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 2040
date: Tue, 07 Feb 2023 13:54:31 GMT
server: uvicorn
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 131b8e45-537e-4f71-93fe-05e20c165de8
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
X-Firefox-Spdy: h2
www.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico?ts=20151018
171.161.100.100 200 OK 429 B URL HTTP/1.1 www.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico?ts=20151018
IP 171.161.100.100:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 196b078e54a631d79ba6f560d4acb0c6
5889f5149ff0eef44b3efde200eaf1c66139992a
525151028a13175812d197c81dc5337898aaaebecff184b430fc94c94e470053
GET /pa/global-assets/1.0/graphic/favicon.ico?ts=20151018 HTTP/1.1
Host: www.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:03:59 GMT
ETag: "47e-5e658076a32f3"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y-FFsxgbhI4pa2Dij5Q9NAAAACE
Keep-Alive: timeout=40, max=494
Content-Type: image/x-icon
X-Serviced-By: /pa/global-assets/1.0/graphic/favicon.ico--QDwouI1QV0cz8DxkC6mTsQ==--85dKM5Ka94bhXMA0CvHM/Q==
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' *.bac-assets.com cdn.cookielaw.org *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com api.boldchat.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Connection: Keep-Alive
Date: Tue, 07 Feb 2023 13:54:33 GMT
Expires: Wed, 07 Feb 2024 13:40:32 GMT
Age: 842
Content-Length: 429
b0arescured-auth.duckdns.org/assets/C5ib?cid=15%2C13&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=ajax&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
164.92.84.161 200 OK 158 B URL HTTP/1.1 b0arescured-auth.duckdns.org/assets/C5ib?cid=15%2C13&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=ajax&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php
IP 164.92.84.161:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash 22255c1e6a77e7e7e23f467de4e7ad3b
96a3135a29fcd80b99bb013efd256bbba14f1b9f
06d26e6fc22888fb3dfe7a84035f49be74db7a27d4dd862a3bd0d35acc38a231
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
POST /assets/C5ib?cid=15%2C13&si=0&e=http%3A%2F%2Fb0arescured-auth.duckdns.org&LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D&t=ajax&eu=http%3A%2F%2Fb0arescured-auth.duckdns.org%2Flogin.php HTTP/1.1
Host: b0arescured-auth.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 2539
Origin: http://b0arescured-auth.duckdns.org
Connection: keep-alive
Referer: http://b0arescured-auth.duckdns.org/login.php
Cookie: LSESSIONID=eyJpIjoiamNjb3RBVFdrRFE1VlY3bEZyVkx6UT09IiwiZSI6IlpcLzRONGpld1pQaXNNZXR0MzdvWHJYSzU4bVd3YSt6czlOZTc0QzdJUHJLR1NxRW5aR2pCZW03SE92cVRxUTB6VGdUcVdkbUx1U080NmJcL3Bpbkl1TEtNc0Eyd25NYitFbXRBSGJHbGxUV09tRkpnOTRnU2R2UVwvV0ZSSEZxNUU0YUtjV29YeXZOa2dlV0NhNjZPRHVPZz09In0%3D.e9d96792951b5280.ZTdkM2E5NjgxMjRlZTZjOWM2NmMyYzUxZWRkMTEyNDFhYTFmNWE1NzJiMDJjNWI4NTU0OWIzMzlmZjJiMjgyOQ%3D%3D; cmTPSet=Y; _cc=ZjFkNmMyYzctMzEzOS00MmRh; __gdic=ldub0yrsoh1nhd129; ___r30306=0.0623687429563
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:54:34 GMT
Server: Apache
Last-Modified: Sun, 09 Oct 2022 21:14:28 GMT
Accept-Ranges: bytes
Content-Length: 158
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive