urlquery - report: 53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2023-02-02 04:09:20 UTC	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2023-02-02 04:10:44 UTC	35.81.157.247
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2023-02-02 04:09:26 UTC	34.120.237.76
r3.o.lencr.org (9)	344	2020-12-02 08:52:13 UTC	2023-02-02 04:09:15 UTC	23.36.77.32
53bankpaymentnoticess.duckdns.org (24)	0	2023-02-02 12:04:23 UTC	2023-02-02 21:18:27 UTC	163.123.141.198	Unknown ranking
firefox.settings.services.mozilla.com (2)	867	2020-05-25 20:06:39 UTC	2023-02-02 04:09:02 UTC	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2023-02-02 04:10:44 UTC	34.160.144.191

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 03:25:59 UTC	2	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-03 03:25:59 UTC	3	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-03 03:25:59 UTC	2	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-03 03:25:59 UTC	3	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-03 03:25:59 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-03 03:26:00 UTC	2	Client IP	163.123.141.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Scan Date	Severity	Indicator	Comment
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_4.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_5.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_1.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_6.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_7.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_8.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_9.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_10.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/index_2.html	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/logo.svg	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBb (...)	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBb (...)	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBb (...)	Phishing
2023-02-03	2	53bankpaymentnoticess.duckdns.org/53bank/gif/icomoon.woff	Phishing

Date	UQ / IDS / BL	URL	IP
2023-02-24 06:11:18 +0000	0 - 4 - 0	www.pndpendvermsk.duckdns.org/	163.123.141.198
2023-02-19 06:36:21 +0000	0 - 4 - 0	holdskeybnk.duckdns.org/	163.123.141.198
2023-02-19 02:36:20 +0000	0 - 4 - 0	vhnkfifth3rdholdbhnkhn.duckdns.org/	163.123.141.198
2023-02-19 02:34:45 +0000	0 - 4 - 0	www.vhnkfifth3rdholdbhnkhn.duckdns.org/	163.123.141.198
2023-02-17 13:46:24 +0000	0 - 4 - 0	www.holdskeybnk.duckdns.org/	163.123.141.198

Date	UQ / IDS / BL	URL	IP
2023-03-31 13:04:35 +0000	0 - 3 - 2	163.123.143.4/download/WW20.exe	163.123.143.4
2023-03-31 13:00:13 +0000	0 - 1 - 3	163.123.143.4/proxies.txt	163.123.143.4
2023-03-30 13:13:00 +0000	0 - 3 - 2	163.123.143.4/download/YT_Client.exe	163.123.143.4
2023-03-30 13:11:07 +0000	0 - 2 - 2	163.123.143.126/bins/dark.arm	163.123.143.126
2023-03-30 13:11:07 +0000	0 - 3 - 2	163.123.143.126/bins/dark.arm7	163.123.143.126

Date	UQ / IDS / BL	URL	IP
2023-02-03 03:25:41 +0000	34 - 28 - 14	53bankpaymentnoticess.duckdns.org/53bank/home (...)	163.123.141.198

Date	UQ / IDS / BL	URL	IP
2023-03-05 10:31:45 +0000	4 - 0 - 140	www.oiklk.com/	185.14.29.199
2023-02-10 03:48:22 +0000	11 - 0 - 5	bochimontagens.com.br/cgi/53-bank-RD248	187.16.239.177
2023-02-05 13:03:24 +0000	11 - 2 - 4	www.waterstudy.org/ohio/	192.185.138.124
2023-02-02 04:52:33 +0000	40 - 17 - 6	53.loginto.me/e03fd300f9fe8ac024ecc83347215a3 (...)	54.172.20.3
2023-02-02 04:14:36 +0000	43 - 17 - 7	53.loginto.me/11d867796d85db8cad5280ac44cec7c (...)	54.172.20.3

HTTP Transactions (44)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922" Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4142 Expires: Fri, 03 Feb 2023 04:34:32 GMT Date: Fri, 03 Feb 2023 03:25:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7e05c8461bd2dc5a149f71e2c465ea29 Sha1: 705983959c887e243cb55a8a1796757b579ee977 Sha256: 4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48" Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9845 Expires: Fri, 03 Feb 2023 06:09:35 GMT Date: Fri, 03 Feb 2023 03:25:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: ec47f9eed203ae063b9c210009de54a9 Sha1: 19ff156471b9cffbc2432c5b65543bdd18e36271 Sha256: 3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
GET /53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1 (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 27a49e9ffed520032d21291ed7ce5f0d91bb6c604903edc5a0b7556d8aababc2 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/html Server: nginx Date: Fri, 03 Feb 2023 03:25:30 GMT Last-Modified: Thu, 02 Feb 2023 12:04:20 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba6c4-1ba2d" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (60701) Size: 20742 Md5: f482d55043a3e4e49e2a3c99acebeb04 Sha1: d92c409ec36166d1d09da3b3c86cbd3ab3582b07 Sha256: 27a49e9ffed520032d21291ed7ce5f0d91bb6c604903edc5a0b7556d8aababc2 Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Fri, 03 Feb 2023 02:43:34 GMT age: 2516 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: ff250d3ef3fa45322bf05039a0122a9f Sha1: b3e7a2c383bce1bab807dbe1a03c375258b51f1d Sha256: d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2727 Expires: Fri, 03 Feb 2023 04:10:57 GMT Date: Fri, 03 Feb 2023 03:25:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 9a76feabb767086ae0fa54e0ffbf763f Sha1: 3655d78994a1e9838340669462728b67c8c12e54 Sha256: bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: CAKJbHlDk7oLCoiyx/iLsBtk+7wzP3EGtKATNi7j+mcydz/OhqbPb4M4aX3CnkLp7GtNCc41ic0LmolleQZwSg== x-amz-request-id: 01J8X209EE2VVGB4 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Fri, 03 Feb 2023 03:23:23 GMT age: 127 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 7b922915ebf1fa3639b333f994c74f24 Sha1: 144a3f80b98fd0652d4614f24cf6cbbee40f8938 Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Fri, 03 Feb 2023 03:25:30 GMT content-length: 12 vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-expose-headers: content-type access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /53bank/index_4.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_4.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 2a56f4d78adf64cadc0e3ff11b054cb539bd549ba0a45942b73e71b4ba57e8f7 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:30 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: af1653e2a01ea0ccad53c6ddc190b707 Sha1: e4c79816c6a1a16b6b5b24fec8470289b744562a Sha256: 2a56f4d78adf64cadc0e3ff11b054cb539bd549ba0a45942b73e71b4ba57e8f7 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_5.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_5.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 0570cd94f08b6d437d9f7ef74bec5f6f8da2e63de1bfdff2af233814498564e3 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:30 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: c581a9b18b7a8ec24d215738e9ea0adc Sha1: baca27511cd20db6a82c9f553337cf2c10651ac7 Sha256: 0570cd94f08b6d437d9f7ef74bec5f6f8da2e63de1bfdff2af233814498564e3 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/autocomplete.css HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/autocomple (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: d061900b7f6cf6041516b910ac98c38113ef26e9494c464011943262b26ee8b6 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Last-Modified: Thu, 02 Feb 2023 12:05:07 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba6f3-d8c" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: ASCII text, with very long lines (624) Size: 1186 Md5: f58b2920f817df886da935510e020f0d Sha1: 6eba04ab9995878e81a3863dfc99503a6f1d478a Sha256: d061900b7f6cf6041516b910ac98c38113ef26e9494c464011943262b26ee8b6 Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/search.css HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/search.css FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 095a5042a2a5133b4babd8947b50e4acba2404f2f46bf2f3585bcbaadb1f762d 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Last-Modified: Thu, 02 Feb 2023 12:04:48 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba6e0-bd2" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: ASCII text Size: 1010 Md5: a19238caec7cdedad8bfef791c99d44d Sha1: cd633fc30afed1665561a5159120190a3e27c82a Sha256: 095a5042a2a5133b4babd8947b50e4acba2404f2f46bf2f3585bcbaadb1f762d Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_1.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_1.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: c9affb31cdd7adb1b3744fbaee123cf23afbaa1cba7a54c7ef5064c70abad736 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: 537eac9ad6c77d7aa2dc888e2a60182f Sha1: 81e3b461c1a184b94a36cd94aa1aa820c3059a06 Sha256: c9affb31cdd7adb1b3744fbaee123cf23afbaa1cba7a54c7ef5064c70abad736 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_6.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_6.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: f0c8272888b6ce4c6ffce7d0244c46d8a4cb0c9ec885c03dbc27663cf0f1fe25 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: 2f47dd9e66e6aaa560c7f4aca80bcb3d Sha1: 7737bc2459ead4d3c9a7d5e2066772a6bb52736c Sha256: f0c8272888b6ce4c6ffce7d0244c46d8a4cb0c9ec885c03dbc27663cf0f1fe25 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/clientlib-fonts.5a90d7c52d8174778542efb1494fd065.css HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/clientlib- (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 1883ace6c3b388f225808f7cd16b2e2014f67c2f00ee0e53b8505e59eb533254 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Last-Modified: Thu, 02 Feb 2023 12:05:26 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba706-1d0c" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: ASCII text Size: 1575 Md5: 125ae67405e4fda79da3a5e1b01a35bb Sha1: 4a2e4ffedd1d5da5c30306b3c224ce131894a8b5 Sha256: 1883ace6c3b388f225808f7cd16b2e2014f67c2f00ee0e53b8505e59eb533254 Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_7.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_7.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 2b5be8b96c395ea1264fc10cf24d1a13a9ddad28909febcc27ff8e778fcccabb 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: 68d220abcfb59965123d14431757ff5a Sha1: 94f9151b6dcb685a6d0e825522ded6ec14ef77bb Sha256: 2b5be8b96c395ea1264fc10cf24d1a13a9ddad28909febcc27ff8e778fcccabb Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_8.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_8.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 768827eee3956162a315738eda3d853bf3366571f215074aa54478e7433673ba 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: 6d3e5837ec3b2f0b522eac7c4644670e Sha1: 8cfd23abd27953873e4df6fcc66135614653c6d0 Sha256: 768827eee3956162a315738eda3d853bf3366571f215074aa54478e7433673ba Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_9.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_9.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 989179f87630e0a8ee59eeecda6cd4697e9c92005a5633d6881fcb46204b92c9 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: 79ca3f25cae685f8361c61f40ab55aee Sha1: 518d799e4dc2143a8a59565ccc5895a532ed24fd Sha256: 989179f87630e0a8ee59eeecda6cd4697e9c92005a5633d6881fcb46204b92c9 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_10.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_10.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: f2ce8b112abe08437a544bec57d3b8b0e04c84492b39a606a725bcad5884bdf9 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 218 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 218 Md5: f6a09fa3a6ba409a5632835fb98500d4 Sha1: 47895bf61df22d5294bb24a5fe2b6449c0d41309 Sha256: f2ce8b112abe08437a544bec57d3b8b0e04c84492b39a606a725bcad5884bdf9 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/clientlib-style.1cebb4c25d6a006184c9b14cdf505b28.css HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/clientlib- (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: b5d49376dee304d28a647332968daf5cd9f2e582f03de1192381a654df6d5ed2 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Last-Modified: Thu, 02 Feb 2023 12:05:03 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba6ef-3a099" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: ASCII text Size: 33184 Md5: 95070f7b1eb917e682404eb7af75f315 Sha1: 29416f3534ab92db74855b7e8369e2e8c20dd487 Sha256: b5d49376dee304d28a647332968daf5cd9f2e582f03de1192381a654df6d5ed2 Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/index_2.html HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac Upgrade-Insecure-Requests: 1	URL: 53bankpaymentnoticess.duckdns.org/53bank/index_2.html FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: ff9f2b1c332f222f6b7d7c49f6c2e09dac0caee55dd8197060119fca6733f776 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 217 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 217 Md5: fe89f330ca21a8a26381a74238faece4 Sha1: 767948052eefd1499cb36039170ab03ea86a866b Sha256: ff9f2b1c332f222f6b7d7c49f6c2e09dac0caee55dd8197060119fca6733f776 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/css.css HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/gif/clientlib-fonts.5a90d7c52d8174778542efb1494fd065.css	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/css.css FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 202b1da65a865153c2e193ee647a15dcc55342adea086298499dace47570de95 163.123.141.198 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Last-Modified: Thu, 02 Feb 2023 12:05:05 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"63dba6f1-304f" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Content-Encoding: gzip --- Additional Info --- Magic: ASCII text Size: 836 Md5: a7aa91773ccfc37cd5768bb3e647ca0d Sha1: 16c7ad2100df0cd5690ef57ff0b41f69e67f2a00 Sha256: 202b1da65a865153c2e193ee647a15dcc55342adea086298499dace47570de95 Alerts: urlquery: - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Fri, 03 Feb 2023 03:07:19 GMT age: 1092 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /53bank/gif/equal_housing_logo.png HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/equal_hous (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45 163.123.141.198 HTTP/1.1 200 OK Content-Type: image/png Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 2758 Last-Modified: Thu, 02 Feb 2023 12:05:24 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "63dba704-ac6" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes --- Additional Info --- Magic: PNG image data, 18 x 15, 8-bit colormap, non-interlaced\012- data Size: 2758 Md5: ba4bacebf5dffb84ec9fd4dfb1108a73 Sha1: e4fb3286c17cb7bc8d9f50d9de6a492996e9bd80 Sha256: c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45 Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/logo.svg HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/logo.svg FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: b1b89256aa634d1ec7bd9b9edaeb040d700d35bdc91348c61456102ff238f1d0 163.123.141.198 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 213 Connection: keep-alive Keep-Alive: timeout=60 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 213 Md5: 8b2c817b49d799b293f1b29bca4dd047 Sha1: f952e158b6bb4c9927cb896586fcdea784a337e6 Sha256: b1b89256aa634d1ec7bd9b9edaeb040d700d35bdc91348c61456102ff238f1d0 Alerts: urlquery: - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI.woff2 HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/gif/css.css	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs12 (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 578ea33c3a1daec87277cd626647c55f3e0abd72c0673cde0fe40d4fb8fd5579 163.123.141.198 HTTP/1.1 200 OK Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 16712 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 02 Feb 2023 12:04:31 GMT ETag: "4148-5f3b65e0d2eba" Accept-Ranges: bytes --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 16712, version 1.0\012- data Size: 16712 Md5: 1f577b061e6e464e2c949faee6518469 Sha1: 8acf6682f8050be9b4c7fb3e85138971d6fae51c Sha256: 578ea33c3a1daec87277cd626647c55f3e0abd72c0673cde0fe40d4fb8fd5579 Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A" Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=10493 Expires: Fri, 03 Feb 2023 06:20:24 GMT Date: Fri, 03 Feb 2023 03:25:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8913af0be619500295008bb91f506660 Sha1: a7b8068ba9aa506205a295b24458c2616997a0d1 Sha256: 6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
GET /53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/gif/css.css	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs12 (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0 163.123.141.198 HTTP/1.1 200 OK Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 16692 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 02 Feb 2023 12:04:33 GMT ETag: "4134-5f3b65e2cbcd6" Accept-Ranges: bytes --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 16692, version 1.0\012- data Size: 16692 Md5: d65113b6da7ba4bd0a59dbda5a7e24d4 Sha1: 929ecf3ad6ab03123a7bad0609b4b8ba1623d4e8 Sha256: cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0 Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2 HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/gif/css.css	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/memSYaGs12 (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79 163.123.141.198 HTTP/1.1 200 OK Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 16408 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 02 Feb 2023 12:04:27 GMT ETag: "4018-5f3b65dd81cd2" Accept-Ranges: bytes --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 16408, version 1.0\012- data Size: 16408 Md5: 875ba54801f7cf83ea70abf613fab665 Sha1: a747343db86c1ba5d10d6cb1814fd6ac6db42b65 Sha256: a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79 Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/icomoon.woff HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/gif/clientlib-fonts.5a90d7c52d8174778542efb1494fd065.css	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/icomoon.woff FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: 1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c 163.123.141.198 HTTP/1.1 200 OK Content-Type: font/woff Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 31620 Last-Modified: Thu, 02 Feb 2023 12:04:38 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "63dba6d6-7b84" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes --- Additional Info --- Magic: Web Open Font Format, TrueType, length 31620, version 1.0\012- data Size: 31620 Md5: a55db942b961e6a7cf7c70dfbca91616 Sha1: 15c5f647c3a9495e0dfcc316311191ce54b409ee Sha256: 1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain Blocklists: - fortinet: Phishing IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/1440x565-ftblue-other.jpg HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/1440x565-f (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae 163.123.141.198 HTTP/1.1 200 OK Content-Type: image/jpeg Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 65879 Last-Modified: Thu, 02 Feb 2023 12:05:10 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "63dba6f6-10157" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes --- Additional Info --- Magic: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2018:02:23 11:30:46], baseline, precision 8, 1440x565, components 3\012- data Size: 65879 Md5: 01460094e2d6c39a79efeac9725d8827 Sha1: 84913c508530e4b3ea912144be758b40d358f037 Sha256: a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/favicon-16x16.png HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/favicon-16 (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: d7df254755e9212bf50242a91039e2c2e1485000ffd795a8a3e52c21522c4a6b 163.123.141.198 HTTP/1.1 200 OK Content-Type: image/png Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 1062 Last-Modified: Thu, 02 Feb 2023 12:04:25 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "63dba6c9-426" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes --- Additional Info --- Magic: PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Size: 1062 Md5: d78dff827d07973f71be81870d61fbe5 Sha1: 0988755c34c40f7594926eae9c1e039ebffff95c Sha256: d7df254755e9212bf50242a91039e2c2e1485000ffd795a8a3e52c21522c4a6b Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /53bank/gif/android-chrome-192x192.png HTTP/1.1 Host: 53bankpaymentnoticess.duckdns.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac	URL: 53bankpaymentnoticess.duckdns.org/53bank/gif/android-ch (...) FQDN: 53bankpaymentnoticess.duckdns.org IP: 163.123.141.198 HASH: c84fa4b619a90081150350106c4d17279b260f7b0dc6ceea709ec8488cc34466 163.123.141.198 HTTP/1.1 200 OK Content-Type: image/png Server: nginx Date: Fri, 03 Feb 2023 03:25:31 GMT Content-Length: 12219 Last-Modified: Thu, 02 Feb 2023 12:04:40 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "63dba6d8-2fbb" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes --- Additional Info --- Magic: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Size: 12219 Md5: 6196296d6da29c45fa85682fff153ecf Sha1: 3d20183ede291a0f86f7a0a7d7fb81efa8b06c01 Sha256: c84fa4b619a90081150350106c4d17279b260f7b0dc6ceea709ec8488cc34466 Alerts: urlquery: - Phishing - Fifth Third Bank - Suspicious - DynDNS domain IDS: - ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: YQzGXosleCk4yHh+f73FPg== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 35.81.157.247 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 35.81.157.247 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: QgjRzkWB6NI3Jf5PIRxOAbc9m8k= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11207 Expires: Fri, 03 Feb 2023 06:32:20 GMT Date: Fri, 03 Feb 2023 03:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11207 Expires: Fri, 03 Feb 2023 06:32:20 GMT Date: Fri, 03 Feb 2023 03:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11207 Expires: Fri, 03 Feb 2023 06:32:20 GMT Date: Fri, 03 Feb 2023 03:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11207 Expires: Fri, 03 Feb 2023 06:32:20 GMT Date: Fri, 03 Feb 2023 03:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11207 Expires: Fri, 03 Feb 2023 06:32:20 GMT Date: Fri, 03 Feb 2023 03:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8211 x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fflRBHU4IAMFnsw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w== via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google date: Fri, 03 Feb 2023 03:08:32 GMT age: 1021 etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8211 Md5: 114e345e134986d7451148fcea31b29d Sha1: 541e878afee68c8802bb52b0cbbe5a5a0a185392 Sha256: 5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13065 x-amzn-requestid: 20c6f462-0f1f-44d1-9b6b-6afbc4e79e8b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fpYpcELtIAMFvFg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63da07d5-44cd803c0feba28919b0a9ec;Sampled=0 x-amzn-remapped-date: Wed, 01 Feb 2023 06:33:57 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: T3PhGRcHX1X2hn8K_4587fXBrEyuY5Em-b9Jg41uH4uyQXeFoRBIYg== via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:46:56 GMT age: 20317 etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13065 Md5: cf80667db0c35c9c6139eca4ba5d12fd Sha1: 4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590 Sha256: d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 268b5f2557e4f171f33641cc7923d6cd786cba6e056f6656c82113b49b70a3df 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12514 x-amzn-requestid: e5e536fd-15ec-4a9f-a678-c24e6202d0f1 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fY_y3HRSoAMFxUw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d379ab-5137ec566a8ccb4a3628e17a;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 07:13:47 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: KvaWZ_Re1oRbOGg3MDxp5BKPCMAzYqCfVo4n3rf67ppjVO9Pmey4wg== via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:56:23 GMT age: 19750 etag: "058dc594601de546ae391ffa47269b404fee0f02" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12514 Md5: b67f1de5050f7e32226bb0b279e5f450 Sha1: 058dc594601de546ae391ffa47269b404fee0f02 Sha256: 268b5f2557e4f171f33641cc7923d6cd786cba6e056f6656c82113b49b70a3df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff19e1bb3-fc27-4f32-adb9-71a770dc377b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4f400288da817b02e3af1c7d2d51799b46601e4c4380267981d38f25f29d581d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6881 x-amzn-requestid: 5c7730e9-1b96-4233-9d34-62c9cb2c503a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fvfenHp_oAMFQ7Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63dc792a-6e39dafc493e3246775fb2a2;Sampled=0 x-amzn-remapped-date: Fri, 03 Feb 2023 03:02:02 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: ee9Xjsv-QIa5pcq7N769-vidlIQd89G8aqk8wqji1e1CrrTSTZScVA== via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google date: Fri, 03 Feb 2023 03:06:10 GMT etag: "17f9c781bd8352fd848cb3c0243a6447f6f806bb" age: 1163 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6881 Md5: 1266123ea8e2af5a074ba325cf3f876b Sha1: 17f9c781bd8352fd848cb3c0243a6447f6f806bb Sha256: 4f400288da817b02e3af1c7d2d51799b46601e4c4380267981d38f25f29d581d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ab35a5c1a7c1a0a548aee3b9c301893799680ec1922c13e7a16d44ca457cd91d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7237 x-amzn-requestid: f6aa0d26-8df4-40fe-8984-1aac7c76097e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fVr4jEdeIAMFTYA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d2269c-58a038d6491d8f461e9168d4;Sampled=0 x-amzn-remapped-date: Thu, 26 Jan 2023 07:07:08 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: XNO6ArxsjiZTxcoSn1Fmhso5bpWNIvzT9nplF6UGTiHVxXlJiv7bJA== via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:58:40 GMT age: 19613 etag: "bc4c004065ce9f558f210d508844c123a85737a1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7237 Md5: d4242d4999b7b033873b81a482c319c2 Sha1: bc4c004065ce9f558f210d508844c123a85737a1 Sha256: ab35a5c1a7c1a0a548aee3b9c301893799680ec1922c13e7a16d44ca457cd91d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6791 x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ffl96FIzIAMFYGg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ== via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 22:14:03 GMT age: 18690 etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6791 Md5: e706db8a6107758a148463e916f2532d Sha1: 4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81 Sha256: 673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172

URL	53bankpaymentnoticess.duckdns.org/53bank/home.html?phN1zzKW7gDONSxWV8uit7zYez7qYady1SNrGoDqNq3bGWyNfUhKKeIJI0q0yOuuLm0KngD0XvRrO2vCwq4GXBWoLHr8PFpInCOGrEqvOtEXsfaj5P8YZYTZGJhtmMZE5mIac
IP	163.123.141.198 (United States)
ASN	#213035 Des Capital B.V.
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2023-02-03 03:25:41 UTC
Status	Loading report..
IDS alerts	28
Blocklist alert	14
urlquery alerts	34 Phishing - Fifth Third Bank Suspicious - DynDNS domain
Tags	fifth_third_bank financial phishing dyndns

Overview

Domain Summary (7)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 163.123.141.198

Last 5 reports on ASN: Des Capital B.V.

Last 1 reports on domain: 53bankpaymentnoticess.duckdns.org

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (44)

Overview

Domain Summary (7)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 163.123.141.198

Last 5 reports on ASN: Des Capital B.V.

Last 1 reports on domain: 53bankpaymentnoticess.duckdns.org

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (44)

Network Intrusion Detection Systems