Report - ekykdkgkpq.duckdns.org/

Report Overview

Submitted URL
ekykdkgkpq.duckdns.org/
IP
74.201.25.112
ASN
#35913 DEDIPATH-LLC
Submitted
2023-03-13 03:35:25
Access
public
Website Title
Final URL
Tags
softbank financial phishing dyndns
urlquery detections
Phishing - SoftBank
Suspicious - DynDNS domain

Detections

urlquery
23
Network Intrusion Detection
7
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-24T16:33:49Z	3.2 kB	45 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T05:09:02Z	2.7 kB	7.1 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-24T18:14:23Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-24T18:20:20Z	413 B	5.9 kB	34.160.144.191
ekykdkgkpq.duckdns.org	unknown	2023-03-07T14:10:04Z	2023-03-19T12:28:21Z	7.6 kB	19 kB	74.201.25.112
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-25T05:09:25Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-24T18:17:07Z	606 B	127 B	54.200.178.235
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-25T05:09:35Z	361 B	2.0 kB	151.101.130.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-13 03:35:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-13 03:35:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-13 03:35:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-13 03:35:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-03-13 03:35:15	medium	Client IP	74.201.25.112	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-03-13 03:35:15	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-03-13 03:35:15	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group
2023-03-11	medium	ekykdkgkpq.duckdns.org/	SoftBank Group

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-13	medium	ekykdkgkpq.duckdns.org/	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/static/softbank/layui.js	Phishing
2023-03-13	medium	ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	ekykdkgkpq.duckdns.org/	224 B	2023-03-07	2023-06-08
Pretty URL ekykdkgkpq.duckdns.org/ IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:25:30 Last Seen2023-06-08 13:46:06 Times Seen804 Hash 775d44c5d8f52309e925d061c7ed0040 bd828211c8c0fa7920ca967accf14c7d002555ad 17748922ae1ddf0d854c97d050452d96381a10ac0cb6cf950f611f00d7a03579 Loading...

	ekykdkgkpq.duckdns.org/	1.7 kB	2023-03-26	2023-03-26
Pretty URL ekykdkgkpq.duckdns.org/ IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:45:21 Last Seen2023-03-26 04:45:21 Times Seen1 Hash a18021c6b60869395afebce69ecf7953 ed5e9b61cbf1922e87168312bd4941bfce088cd0 d77eabdf6f9a0dd38ebb0b4e09b771dde33eb96dac929bb0de6df38e0d8efc66 Loading...

	ekykdkgkpq.duckdns.org/static/js/gs1.js	4.9 kB	2023-03-25	2023-03-26
Pretty URL ekykdkgkpq.duckdns.org/static/js/gs1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:10:12 Last Seen2023-03-26 04:47:41 Times Seen38 Hash 8f9f770956c3d6658e4051a04e1bd0aa ca300b0a3d9a54cd5a0337c95786336a606424d9 d20fdc6cc21fa61d9a3be5f3a3f9500d6ab4775261a7da9d4beef2709f17ef43 Loading...

	ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 06:14:09 Times Seen106259 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js	5.6 kB	2023-03-08	2023-06-08
Pretty URL ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:43:26 Last Seen2023-06-08 13:46:05 Times Seen866 Hash 8667123d1354242581f97508b9443cff 88ff78fca0852d4b521962c8f09ab1fda30f962b a47f5828375f1660b81e10e39bc367bd8502697d6e0e93a520b1a26f6eee1862 Loading...

	ekykdkgkpq.duckdns.org/static/softbank/layui.js	291 kB	2023-03-07	2024-04-26
Pretty URL ekykdkgkpq.duckdns.org/static/softbank/layui.js IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:06 Last Seen2024-04-26 00:58:55 Times Seen2522 Hash 283f389e9b4f41b323ca7cf7bdd8b46a b6e72add2fa95aa177e6fe807b875c9a7f22bc5c bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e Loading...

	ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js	3.1 kB	2023-03-07	2024-04-26
Pretty URL ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-26 06:11:28 Times Seen9160 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	ekykdkgkpq.duckdns.org/	224 B	2023-03-25	2023-06-08
Pretty URL ekykdkgkpq.duckdns.org/ IP 74.201.25.112 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:10:12 Last Seen2023-06-08 13:46:06 Times Seen803 Hash 0370d4660895ab60d6849a31857de6b3 a3923a5568136aca7a34276ef978eb1316c5f9da 3b031c3d0c5141f9521eca353e19659c426acbb3ef373aa084aaf26efadd20d2 Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4424
Expires: Mon, 13 Mar 2023 04:48:58 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7a9cb518d929d10c471394adc89cdfa
d609cb0d94e645141ab1372f19c014c1b00b83af
200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9794
Expires: Mon, 13 Mar 2023 06:18:28 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5643
Expires: Mon, 13 Mar 2023 05:09:17 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 03:09:19 GMT
content-type: application/json
age: 1555
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hLII2seOZgs3rEGmkS5prVSWJgTy789bf8edKUFJ8epn8IF+0KYITl4veIc/CmH99tNBKsRRdzk=
x-amz-request-id: MYS2GVHPK2SDEZ3T
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 02:46:12 GMT
age: 2942
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/

74.201.25.112

301 Moved Permanently

162 B

URL HTTP/1.1
ekykdkgkpq.duckdns.org/
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 13 Mar 2023 03:35:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ekykdkgkpq.duckdns.org/
Strict-Transport-Security: max-age=31536000

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:15 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Pragma, Last-Modified, ETag, Retry-After, Cache-Control, Content-Type, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 03:12:32 GMT
age: 1363
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cf2b4f5e0ed98f1edf20e8b09304b1df
cec361b4db759b70420d537e5effc24687a339b9
e859db0f306a12c49a62d7ddb5d4e5ee22249b46ba44810df8292189c43ac590

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E859DB0F306A12C49A62D7DDB5D4E5EE22249B46BA44810DF8292189C43AC590"
Last-Modified: Sun, 12 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Mon, 13 Mar 2023 09:35:06 GMT
Date: Mon, 13 Mar 2023 03:35:15 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5333
Expires: Mon, 13 Mar 2023 05:04:08 GMT
Date: Mon, 13 Mar 2023 03:35:15 GMT
Connection: keep-alive

push.services.mozilla.com/

54.200.178.235

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.200.178.235:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mZzV5HP4aB+q57Q588HXIQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 49QrXAYQijeYyEuX3MqsmiMlHlk=

ekykdkgkpq.duckdns.org/static/softbank/notice_pcidss_y_tls.css

74.201.25.112

200 OK

940 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/notice_pcidss_y_tls.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
ASCII text, with CRLF line terminators
Size
940 B (940 bytes)
Hash
76e2029c69482dcf83b9573ab90c2a4e
e86d76f2ae6f4585c73cd6ab9c7d8b8d4483eb50
59a15b6d9f1bdcf5fbc2e5efe9a49b119d16bba1fbd80610a1d79119535aa00e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SoftBank
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/notice_pcidss_y_tls.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
content-length: 940
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/switch_blind.png

74.201.25.112

200 OK

261 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/switch_blind.png
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
PNG image data, 106 x 99, 8-bit/color RGBA, non-interlaced\012- data
Size
261 B (261 bytes)
Hash
090b7c00bb9d737051208f9f6fe4219e
3c0078e827dcdfc2ed221b634d6abc759b1cd744
84c682ba3502718b4d5022a461d4d2ed1c162ab2d28d6aad64f8ff807309c9d4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SoftBank
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/switch_blind.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 261
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/logo-header-mysb.png

74.201.25.112

200 OK

8.0 kB

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/logo-header-mysb.png
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
PNG image data, 278 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7953 bytes)
Hash
72556b495c853060bbc5fc8ab58bf3d8
d4c0a94327b86923a8e4f841d50c9d73d52d4691
ca466c36e848b86b42a891a40f896392a88040c80a90dc186d27019478882bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SoftBank
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/logo-header-mysb.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 7953
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/site-logo.png

74.201.25.112

200 OK

2.7 kB

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/site-logo.png
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
PNG image data, 258 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2693 bytes)
Hash
7a07ed34fb472dd9c92b0faf34b7eea1
7048c507ad782a1d6e2ccc7c83d0e024d7c8ddbf
df3d1608e4ab20082b5556e209ea790f16cfaabe519e1f26d4f23986191c967c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SoftBank
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/site-logo.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 2693
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsgccr3dvtlsca2020

151.101.130.133

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
151.101.130.133:0
ASN
#54113 FASTLY

File type
data
Size
1.4 kB (1414 bytes)
Hash
96e84b616dbad97b2a516d9bc49881f2
ee06fdb295665c626a8789a86c9bd6f90b8be0ce
517985200d0f6f77a1aeee79232513520c8d5311221817663f2ea0fdea989351

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Fri, 17 Mar 2023 02:51:05 GMT
ETag: "ee06fdb295665c626a8789a86c9bd6f90b8be0ce"
Last-Modified: Mon, 13 Mar 2023 02:51:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Mar 2023 03:35:16 GMT
Age: 2650
X-Served-By: cache-qpg1233-QPG, cache-bma1658-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1
X-Timer: S1678678517.974165,VS0,VE1

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5853 bytes)
Hash
bbfef97312a1bc4792615717a63a48ba
1008882db3829f830b0f58c9c5b09792e844a31b
2b096364b450b4845252b7a22a9f9aadadf220e7a6a4134558647d308529d2a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5853
x-amzn-requestid: c8b1593f-4bd9-452d-a904-87b58194d599
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WlHEwoAMFyqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c3-461a986e5a5544cf574899e4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C6xTwOtJHWOoB4SIZ7qDzhmjdyRpZtrJEQ4iSWw5SHWVIKSxfirSCw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:13:56 GMT
age: 19281
etag: "1008882db3829f830b0f58c9c5b09792e844a31b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c0a9a22-dda8-46a3-86d8-c629f30ace09.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6231 bytes)
Hash
e55f467b2a43b23a928d3190cac816df
818acb3fc2246e0560a0b07aa4aedd833ee5cf93
577923cdee309c4c82a7ddcc7447b23ad3f4e2b9968596f2850899d2c457e1f6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c0a9a22-dda8-46a3-86d8-c629f30ace09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6231
x-amzn-requestid: 414eb829-0850-4059-a314-1690eea63c79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WwGeTIAMFoaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c4-6820e63442da098049934d27;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: W-BqnUFYDaFGuHIVYpEOX0HEq86rFEkqQ90xV2qFvIweJdtaO0eScg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:17:01 GMT
etag: "818acb3fc2246e0560a0b07aa4aedd833ee5cf93"
content-type: image/jpeg
age: 19096
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a275078-bdc8-4724-9c53-d20550667d65.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7227 bytes)
Hash
5fed1fec18aeb57b5a0097791aae3c5a
21b48434431c86d0d5292f65fc2b05d9eb674372
2a7170911dd5fb1b6b4c92e1aa6e24baafd863243299431a15bd82e93c4f2b7d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a275078-bdc8-4724-9c53-d20550667d65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7227
x-amzn-requestid: 4db2047b-7913-42a0-8ad0-8bc22ecb12d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_jEFc7oAMF1tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e4613-75e600687c46bf981318d5d4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sLgDEVYdforlmpkwzGt3mDquGKh_pN93QSabLVcOZvjovkzT45Kkmg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:13:45 GMT
age: 19292
etag: "21b48434431c86d0d5292f65fc2b05d9eb674372"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde56a182-6d55-402d-b240-1fe8746a0a76.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4743 bytes)
Hash
780098f209d535b5c802e280f41c2ed7
6d895fec65f4d11af82d1a417fdec5d2df2a9cd1
5b66b48774c284e271f0e4938e304b98e8e3642c9e479768b64fe4186055e886

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde56a182-6d55-402d-b240-1fe8746a0a76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4743
x-amzn-requestid: 307f30a9-ba32-4ff5-a987-990d05f07b64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BpjcvEHvIAMFR-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640d4c51-3f20ae277aa76e175a7a3c44;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 03:51:45 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: GK32TQleZvqJHU-cz2Je8NZ9Bs3VPw0qaWuLVsWRK_o5WQxzwQvjKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:17:15 GMT
age: 19082
etag: "6d895fec65f4d11af82d1a417fdec5d2df2a9cd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8487 bytes)
Hash
be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: U2JtuJiGI7wXfW-kOhXKGMyrnuAYscw1mSptG-Yss3513ZFhYms3jA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:27 GMT
age: 21170
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53263bb2-8b93-4fc3-b1a1-248444d42c74.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6530 bytes)
Hash
51be243027a8ad61b954a2baf798e9c4
cb34aa7c5322764bf9c0a084e49441d2e4cb00ca
e877f77e579ca134a2c251ab859bb17f838aba6ee2a74f73288c2f4c2a0df3ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53263bb2-8b93-4fc3-b1a1-248444d42c74.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6530
x-amzn-requestid: 5a3dff03-7e73-42ad-a613-8107f020b77e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_UkHnxIAMFTzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45b6-50a318d10364e57152410b77;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F0TDNNf5ACg6lgdRnL8NjBjeNNtTamoara1Fq09a8IA3TtdXQoiI5g==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:07:40 GMT
age: 19657
etag: "cb34aa7c5322764bf9c0a084e49441d2e4cb00ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js

74.201.25.112

200 OK

1.4 kB

URL HTTP/2
ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type
ASCII text
Size
1.4 kB (1421 bytes)
Hash
4cd3995bf9a06595ba9f10c4e930daa8
0aa715c082f5a12174f0f827372e3aa5fe2116bf
5c6855225fbc78fdbadc7416c2e16b5bcd449424098a6d69c583d0a396ca479e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SoftBank
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

HTTP Headers

GET /static/js/jquery.cookie.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:15 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=ea053d4e60a17fab27bd366852d3e047; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/mysb-common.css

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/mysb-common.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/mysb-common.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/css/jquery.loadmask.css

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/css/jquery.loadmask.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/css/jquery.loadmask.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:42 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1

74.201.25.112

404 Not Found

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

HTTP Headers

GET /static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047; __tins__21564627=%7B%22sid%22%3A%201678678516558%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201678680316558%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/style.css

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/style.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/style.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/mysb-temporary.css

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/mysb-temporary.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/mysb-temporary.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/layer.css

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/layer.css
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group

HTTP Headers

GET /static/softbank/layer.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

HTTP Headers

GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/softbank/layui.js

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/softbank/layui.js
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

HTTP Headers

GET /static/softbank/layui.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js

74.201.25.112

200 OK

0 B

URL HTTP/2
ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js
IP
74.201.25.112:0
ASN
#35913 DEDIPATH-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	SoftBank Group
fortinet	Phishing

HTTP Headers

GET /static/js/jquery.loadmask.min.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML