r3.o.lencr.org/
IP 23.36.76.226:0 | Status 200 OK | Size 503 B
ASN #20940 Akamai International B.V.
MD5 bea3185dd820a31c1981317f37c3456d
SHA1 1a548a5d27270fc11df9011837a7149571cedd78
SHA256 469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8754
Expires: Sat, 25 Mar 2023 07:22:19 GMT
Date: Sat, 25 Mar 2023 04:56:25 GMT
Connection: keep-alive
r3.o.lencr.org/
IP 23.36.76.226:0 | Status 200 OK | Size 503 B
ASN #20940 Akamai International B.V.
MD5 13f90146df1d559743af6df15c29b77b
SHA1 6dd24f60629c39f857e3c996084f4d515cf3f8d0
SHA256 ea5975be17b9cd29c8770939eb5d63ce43c1c44ce9a3a4d04e1e79cd69b30d1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA5975BE17B9CD29C8770939EB5D63CE43C1C44CE9A3A4D04E1E79CD69B30D1C"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Sat, 25 Mar 2023 05:36:57 GMT
Date: Sat, 25 Mar 2023 04:56:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0 | Status 200 OK | Size 939 B | Protocol HTTP/2
File type JSON data, ASCII text, with very long lines (939), with no line terminators
MD5 4ad6984a756720fbfff47b37a75513a2
SHA1 355e35258114452af8b9638985ed9d8ef3bf0aca
SHA256 43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 04:15:21 GMT
content-type: application/json
age: 2464
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
IP 23.36.76.226:0 | Status 200 OK | Size 503 B
ASN #20940 Akamai International B.V.
MD5 1313ee2f06606d09c45b06ff9e8e1001
SHA1 285ca89d1d3ea45d35832bc6d9827f834b3bfe21
SHA256 63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9327
Expires: Sat, 25 Mar 2023 07:31:52 GMT
Date: Sat, 25 Mar 2023 04:56:25 GMT
Connection: keep-alive
fpqxepggav.duckdns.org/
IP 199.167.138.75:0 | Status 200 OK | Size 2.7 kB
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text, exported SGML document, Unicode text, UTF-8 text
MD5 dfb42051ef48382e452306aa902fb81b
SHA1 e82c224d66ee820c00f055d6a3e12b6162cbd45c
SHA256 bae3408a02743ed4dc1767c0b03b474996ce922175c02ae53373faa577df5cf3
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/html
Last-Modified: Mon, 06 Mar 2023 09:22:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405b0db-2dbd"
Content-Encoding: gzip
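The urlquery verdict and the Suricata signature on this and the following fpqxepggav.duckdns.org transactions key on the dynamic-DNS suffix alone. What an analyst reading the listing actually wants is the split between the browser's own background traffic (the OCSP posts to r3.o.lencr.org and the Mozilla service calls, which show up in every Firefox-driven scan) and the host the scan was aimed at, plus the signals the headers carry: the site is served over plain HTTP, one template asset returns 404, and a run of /statica/*.css files share the same Last-Modified second. The script below is an added example; it is not part of the original report and not urlquery's code. Its records are constructed from the transactions on this page, and the dynamic-DNS suffix list and browser-noise allowlist are assumptions of the example, not something the report states.

```python
"""Triage of a urlquery-style HTTP transaction listing.

Added example, not part of the original report. SAMPLE is constructed from
the transactions shown on this page (host, path, IP, ASN, scheme, status,
Last-Modified). The DDNS suffix list and the browser-noise allowlist are
analyst assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

# Assumption: suffixes the analyst treats as dynamic-DNS providers.
DDNS_SUFFIXES = (".duckdns.org",)

# Assumption: hosts a stock Firefox contacts on its own during any page load
# (Let's Encrypt OCSP, Remote Settings, content-signature chains, tiles).
BROWSER_NOISE_SUFFIXES = (".lencr.org", ".services.mozilla.com", ".cdn.mozilla.net")


@dataclass(frozen=True)
class Txn:
    host: str
    path: str
    ip: str
    asn: Optional[int]
    scheme: str                   # "http" or "https"
    status: int
    last_modified: Optional[str]  # raw Last-Modified header, if the response had one


def _t(host, path, ip, asn, scheme, status, lm=None):
    return Txn(host, path, ip, asn, scheme, status, lm)


DDNS_HOST = "fpqxepggav.duckdns.org"
DDNS_IP = "199.167.138.75"

# Constructed from the page: the browser's own traffic first ...
SAMPLE: List[Txn] = [
    _t("r3.o.lencr.org", "/", "23.36.76.226", 20940, "http", 200, "Wed, 22 Mar 2023 14:00:00 UTC"),
    _t("firefox.settings.services.mozilla.com", "/v1/", "35.241.9.150", None, "https", 200),
    _t("content-signature-2.cdn.mozilla.net", "/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain", "34.160.144.191", None, "https", 200, "Sat, 11 Mar 2023 16:53:15 GMT"),
    _t("contile.services.mozilla.com", "/v1/tiles", "34.117.237.239", None, "https", 200),
    # ... then the plain-HTTP dynamic-DNS host the scan was aimed at.
    _t(DDNS_HOST, "/", DDNS_IP, 15162, "http", 200, "Mon, 06 Mar 2023 09:22:35 GMT"),
    _t(DDNS_HOST, "/index/patch.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 11:08:32 GMT"),
    _t(DDNS_HOST, "/1.js", DDNS_IP, 15162, "http", 200, "Sat, 11 Mar 2023 10:02:22 GMT"),
    _t(DDNS_HOST, "/2.js", DDNS_IP, 15162, "http", 200, "Fri, 03 Mar 2023 10:02:08 GMT"),
    _t(DDNS_HOST, "/statica/web_font.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/common.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/common_smt.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/footer_smt.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/parts.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/parts_smt.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:54 GMT"),
    _t(DDNS_HOST, "/statica/KDDIto_faq_api_smt.css", DDNS_IP, 15162, "http", 404),
    _t(DDNS_HOST, "/statica/chat_tool_smt.css", DDNS_IP, 15162, "http", 200, "Wed, 19 Oct 2022 08:01:56 GMT"),
]


def classify(txn: Txn) -> str:
    """Bucket a transaction: dynamic-DNS host, known browser noise, or other."""
    if txn.host.endswith(DDNS_SUFFIXES):
        return "ddns"
    if txn.host.endswith(BROWSER_NOISE_SUFFIXES):
        return "browser-noise"
    return "other"


def mtime_key(last_modified: str) -> str:
    """Normalise an HTTP-date to ISO-8601 UTC so equal timestamps compare equal."""
    return parsedate_to_datetime(last_modified).strftime("%Y-%m-%dT%H:%M:%SZ")


def triage(txns: List[Txn]) -> Dict[str, object]:
    ddns = [t for t in txns if classify(t) == "ddns"]
    noise = [t for t in txns if classify(t) == "browser-noise"]
    # Many assets sharing one Last-Modified second is the fingerprint of a
    # kit unpacked or copied in a single operation, not a site edited over time.
    clusters = Counter(mtime_key(t.last_modified) for t in ddns if t.last_modified)
    top: Optional[Tuple[str, int]] = clusters.most_common(1)[0] if clusters else None
    return {
        "ddns_hosts": sorted({t.host for t in ddns}),
        "plain_http_ddns": sorted({t.host for t in ddns if t.scheme == "http"}),
        "ddns_asns": sorted({t.asn for t in ddns if t.asn is not None}),
        "noise_hosts": sorted({t.host for t in noise}),
        "missing_assets": sorted(t.path for t in ddns if t.status == 404),
        "largest_mtime_cluster": top,
    }


def report(result: Dict[str, object]) -> str:
    return "\n".join(f"{k}: {v}" for k, v in result.items())


if __name__ == "__main__":
    print(report(triage(SAMPLE)))
```

The noise allowlist is deliberately narrow; extend it from your own baseline of what the scanner's browser fetches on an empty page rather than from a public list, so that a phishing kit hosted on a CDN does not slip into the "noise" bucket. The 404 on a named template asset is worth keeping as a pivot: the same missing file will recur on other deployments of the same kit.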
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0 | Status 200 OK | Size 5.3 kB | Protocol HTTP/2
File type PEM certificate, ASCII text
MD5 e7bace7c1e04d44012e37ddffe36e5d5
SHA1 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
SHA256 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pYDPMgUY/AQsbj2V9QG30OjoiOfcJLU3eF9hQEiRR0FLGK8cpPCJ6ZVJsSF6PXZqqEk/6wSyIog=
x-amz-request-id: JGKVEC23GG4Q6HW5
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 04:54:47 GMT
age: 98
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0 | Status 200 OK | Size 12 B | Protocol HTTP/2
File type JSON data, ASCII text, with no line terminators
MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 04:56:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fpqxepggav.duckdns.org/index/patch.css
IP 199.167.138.75:0 | Status 200 OK | Size 103 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
MD5 9fb36388079d1c1bcacf56a90667c2b7
SHA1 34b6de188790e1966c7b7773a3267c9c476506fb
SHA256 aa85e2bfb22009a9794ce022df9bfcd89a185078bab1d8d5bbe65c9cbe5ce2cb
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/patch.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 103
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Connection: keep-alive
ETag: "634fdab0-67"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/common1.css
IP 199.167.138.75:0 | Status 200 OK | Size 734 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
MD5 dee10f0aebfbcff35bfd219678bb42d2
SHA1 007221fb5e14cf49a68a825829ad0cf7dcf9d3c1
SHA256 fe095b5438bf3dec091300675825326599067866d735410fcf9d05ca8d084a34
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/common1.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 734
Last-Modified: Mon, 06 Mar 2023 07:43:54 GMT
Connection: keep-alive
ETag: "640599ba-2de"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/1.js
IP 199.167.138.75:0 | Status 200 OK | Size 2.4 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
MD5 02ffef9274ad266daf86135590207648
SHA1 97511eb0f9946b7f24b4eb0056ea424a22d039f4
SHA256 518dffabe0fbd648363e37926e18b8070c26008c7fc9b6eb241a7abe899bdabc
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /1.js HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 Mar 2023 10:02:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640c51ae-1322"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/index/floating_bnr.css
IP 199.167.138.75:0 | Status 200 OK | Size 1.4 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 193d7f2e6dcd5d6b9e4d5b63e011f654
SHA1 7c0ba3256ec449b6c8b09b91a26ef0bd0fd7da4b
SHA256 14ab9a46560e9dd39cd5ee2261463b5b08b96ced4a690b833fe9f8ad57b8c398
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/floating_bnr.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-1066"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/index/autop2022.css
IP 199.167.138.75:0 | Status 200 OK | Size 12 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
MD5 f1f175ba60778d6c5edc6810a383f093
SHA1 f3081243b57871612536be750fcc0d65cd88a3b3
SHA256 4f891d9203c8ad76ee6172b4a479776de4ef4e983994401954950d4bb0cb1996
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/autop2022.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:17:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdcce-10597"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/2.js
IP 199.167.138.75:0 | Status 200 OK | Size 2.4 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
MD5 329721f20b80af5fb1280099bddaac27
SHA1 688f423b54134281a440627a7908e69eb1689251
SHA256 f7a4acf7f43557ae3c016efc567b7a6ba4e8570d7bf38084b13dc5816805b2a9
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /2.js HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Mar 2023 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6401c5a0-1322"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/web_font.css
IP 199.167.138.75:0 | Status 200 OK | Size 659 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 44afde52eb764fb8dc3bdc93fa5bc5de
SHA1 2ba406581c1ec0adc6ea7d38a30e034b33ba50d3
SHA256 7063c94b5d36c1dd766ee9b4988a6aaaa4646172d15e6fa79d1ab2927a9b7885
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/web_font.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-60b"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/common.css
IP 199.167.138.75:0 | Status 200 OK | Size 757 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (1310), with no line terminators
MD5 e02bbaac73c3252d7ce5a435be84b161
SHA1 47837f273a056846417d6a3bbe6afbdcda6eebd8
SHA256 3ab34e599d64d5d3fc91d4e767bbb417b15d443f5fa27b57d1b8ab6f2246c4d4
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-532"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/common_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 2.7 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (10295), with no line terminators
MD5 d0927936c38bfcd930ca3da5e3c52ee5
SHA1 4a8b8ad3ad04e9f64f869a835a98140af50db2ec
SHA256 2aeb6dec6853b6defb556ff554d1af44ecda6e43600cfcad62867a7a2833dbeb
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-2839"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/header_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 4.1 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF, LF line terminators
MD5 a36d01f2f8d693c5c0a054f807c180cf
SHA1 7cfe2395344f2fdf1750a470369921187bdd8655
SHA256 310614b9193a3a6423407d04b0ac36d46e9c3907973d687b9452370c8b807450
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 03:42:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405611a-4523"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/footer_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 1.8 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (6309), with no line terminators
MD5 843e7c6c055493afb4ad28904f9fd86c
SHA1 a2270b1eb98446c961f0dec5a2b26b0ff622a1f6
SHA256 e9a9e847a9d04c9b2869916c5aa1a2e830463ca28350a5a417a029fff3b201fc
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/footer_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-18b9"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0 | Status 200 OK | Size 329 B | Protocol HTTP/2
File type JSON data, ASCII text, with very long lines (329), with no line terminators
MD5 0333b0655111aa68de771adfcc4db243
SHA1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 04:14:33 GMT
age: 2512
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
fpqxepggav.duckdns.org/statica/parts.css
IP 199.167.138.75:0 | Status 200 OK | Size 460 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (460), with no line terminators
MD5 e00eaa3e7d77d4e20ddf0474a2fb6f29
SHA1 fc6083084099010bd8ff85ac030a0e8dfe546df3
SHA256 888c0ace157d7afb5bc31a14f45892880dd9df7a9ff7fc664e36edf413b95523
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 460
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-1cc"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
IP 199.167.138.75:0 | Status 200 OK | Size 115 kB (114640 bytes) | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type assembler source, Unicode text, UTF-8 text, with very long lines (562), with CRLF, LF line terminators
MD5 54598c23fa78de05f6527eed7fa80ed1
SHA1 7085981e4eb347229902592d30938ca8afd2173c
SHA256 e98998c04d029654b75d8b37747be6e462e92b4f91d9cfee6682f84c0677bc9f
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-de4ea"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/parts_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 12 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (57426), with no line terminators
MD5 ff1cb1d0787b0bec22ed7b8b043100b4
SHA1 11e0eb3d35e94aad982f5bd35869504e115eb679
SHA256 992c3c568b3258263703649984f31a487b5a25d0698e6c606b851e435a9058d2
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-e056"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/header_branding_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 846 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 a361c29b4c965358cde21dc4e9305dcc
SHA1 819bbc08ba6f276426d44065f6d2c64f4984fe89
SHA256 c712b74e16642d38fe20458cb5b166408345b2ef195c611d0b3862deee6fc1aa
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_branding_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 846
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-34e"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/header_banner_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 655 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (1883), with no line terminators
MD5 032a9ee46864dbe108b7bba2b6871471
SHA1 d1ddc8b64b623190429eda145c6650492917403e
SHA256 82081cc7ef7b6c07a1053633ae29a647ad3b92b10360dd7c10379f6a782ad55e
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_banner_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-75b"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/dynavi_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 694 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 c7e1ee0df3ac5772ea986fa4f8ecdebb
SHA1 7d20151c9d567ada03df72c00e2f86fc89748eb1
SHA256 e1bce97a9478d60f3ab8029dee7bfbba9731a6c72daddead66fc923faac48c60
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/dynavi_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-6f5"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/KDDIto_faq_api_smt.css
IP 199.167.138.75:0 | Status 404 Not Found | Size 146 B | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
MD5 8eec510e57f5f732fd2cce73df7b73ef
SHA1 3c0af39ecb3753c5fee3b53d063c7286019eac3b
SHA256 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
fpqxepggav.duckdns.org/statica/chat_tool_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 2.8 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 37aaa7f5615d074bc553efd229e73e86
SHA1 b7bdf072c7b46e3db234e5dec0792538d3e7a533
SHA256 bc7a8fe2846adb6fea1d26b69443cd1abbd622bbd073e7b445fa46342dc3f7a2
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/chat_tool_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-27ad"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/add_modules_smt.css
IP 199.167.138.75:0 | Status 200 OK | Size 1.3 kB | Protocol HTTP/1.1
ASN #15162 NETMINDERS-SERVER-HOSTING
MD5 1c72c54c8c25879029967d3b1bdcd731
SHA1 d99e365e83b8a9d9b9a24afe567b6650e45dc9e7
SHA256 043840fba7b9eba375430a5d4c25eca76e78bfac591a7069a255716d75852140
Analyzer urlquery | Verdict suspicious | Alert: Suspicious - DynDNS domain
NIDS suricata | Severity medium | Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/add_modules_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-11fd"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/parts_smt-v2-btn.css
199.167.138.75 200 OK 592 B URL HTTP/1.1 fpqxepggav.duckdns.org/statica/parts_smt-v2-btn.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash e63ea98f8d1d1bfb1c7f4fbf7ec29ddc
4756a4950b86b3ac17cca82ce5df9107354fe09b
a36dfbd6e559511bf92a90434c1084b55e187b2dcbf18b2373add5e907f11e9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2-btn.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 592
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-250"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/osp_parts_ex_smt.css
199.167.138.75 200 OK 1.1 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/osp_parts_ex_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4454), with no line terminators
Hash 2c1d9b4379f5d13dec96a1b31c2c8d8d
4ffc40dde93db4259381bb655236a5a48bd94f4d
e27b999510bd8ad3f0f6dc0525d2a83b888ccdf2e3fc85329f73f7a38920d015
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/osp_parts_ex_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-1166"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9421
Expires: Sat, 25 Mar 2023 07:33:26 GMT
Date: Sat, 25 Mar 2023 04:56:25 GMT
Connection: keep-alive
fpqxepggav.duckdns.org/statica/new_footer_user_assessment_log.css
199.167.138.75 200 OK 1.8 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/new_footer_user_assessment_log.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (9069), with no line terminators
Hash 3266b365ae2e86e1c4b91925158a6ea0
e1785a5abdc9c771fd06045dd45ec595973ac981
48532e50ca8e1536424163ed9bb676d118a54cb455763165ee1a330f63ad3998
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/new_footer_user_assessment_log.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-236d"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/font.css
199.167.138.75 200 OK 224 B URL HTTP/1.1 fpqxepggav.duckdns.org/statica/font.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9e271e79969e236d11e5d6c330a27e4c
f3228388293e37e68c505d8675a7424e48f83c92
49ecd30e8a9dcb12ef68f5924d107e7b36a0b5cff4ff85c5bace3e53a2c18390
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/font.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Content-Length: 224
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-e0"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/slick.css
199.167.138.75 200 OK 1.4 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/slick.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (4948), with no line terminators
Hash 88b54e9bef8c3f14fa0081cfd81c2ee9
f37ba369a45a01e0671140504acddb4ef6890785
b0aa74dcf071abf7dc9ea273e9ba06a6731225cbf30d5b171c4ef28cabac3476
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/slick.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-135c"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/index_smt.css
199.167.138.75 200 OK 1.2 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/index_smt.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 19709a1db45f457eaae000605a66c81b
49107bd2722d4b8a63cf89f911bcec873295d5cd
3d167140b32d1b80d641a51114a3f70c1ca070efa26336b8327d371ab2fdf2c0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/index_smt.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef6-1025"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/style.css
199.167.138.75 200 OK 9.1 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/style.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash c11a448cf6d6782004873cbd74bcb3c6
97b3b4dbc45777cfee7df6c52ded36f739909c6b
ee93089b021892132b602ee8fbe29753d23111de8e7f7c14d0b5747e714f1a2d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/style.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64056790-f213"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/l3-base.css
199.167.138.75 200 OK 6.4 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/l3-base.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (41105), with CRLF line terminators
Hash 97abe39b078280fdeac27588893a4184
15d5b284fd065a14aa3dd6c1ef3e1240ff84bbb3
d7d0922c62255f3cb0142c19e6724e3bdae800c9e6d3d5050d5720a610d20ce7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3-base.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-a093"
Expires: Sat, 25 Mar 2023 16:56:26 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/l3.css
199.167.138.75 200 OK 58 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/l3.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (65536), with no line terminators
Hash 30ba2bd45c9c1f382f477bb670a2938c
8433af88f080303a8fe4a52ddb25cfe515aa23e1
3c57efc25b49e7511e4f922301f598bb3982e030d6d599387b9dc75954380f35
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-9bab0"
Expires: Sat, 25 Mar 2023 16:56:26 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/rf2-style.css
199.167.138.75 200 OK 8.3 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/rf2-style.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (37237)
Hash 7d756a6c2884ef06889eb91355f6548a
2e4c1667f6243e63e5bcca8e81416d0e8bfb6506
a7961973c41d4bb9c92e7213db5708b2a176c74097abffe6512aeda20322e25c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/rf2-style.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6e-91d6"
Expires: Sat, 25 Mar 2023 16:56:26 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/parts_smt-v2.css
199.167.138.75 200 OK 45 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/parts_smt-v2.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (8432)
Hash d08aa4e09fbd9fc0e4b37cd033bff0be
d88de5246609ba1a9de33e3c9c3c291bc1191a1c
23be5f5acea35bb353d55b7bc4055a664c40972cc4082c253cf843453481eb06
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:25 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640566f2-6bf0e"
Expires: Sat, 25 Mar 2023 16:56:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
fpqxepggav.duckdns.org/statica/header_dpoint_area.css
199.167.138.75 200 OK 2.0 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/header_dpoint_area.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash d2d019a46a5af2d55d12762ca9c52311
dcf6961dc5c9f240577d9087ece402c36fb456ae
2c48ae8127ffedd014586e15746ad32037e043a822e3e71646b41521f7cc8d4e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_dpoint_area.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faefe-2472"
Expires: Sat, 25 Mar 2023 16:56:26 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
push.services.mozilla.com/
54.189.159.75 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.159.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xfzqTib2snyBe0gvGYsBCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XDfsa4wAeaQarUNNPnbPI9arFoo=
fpqxepggav.duckdns.org/statica/4.jpg
199.167.138.75 200 OK 108 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/4.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3
Size 108 kB (108146 bytes)
Hash c7103846b240db4c449ca632246fc3de
c4653a081ded64797cb3c53bd3449e171571fa50
3c77e423b78ac676aa2de3bfe1e51813fcfaea7975a3a206e82f25b98c61c305
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/4.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 108146
Last-Modified: Mon, 31 Oct 2022 09:25:12 GMT
Connection: keep-alive
ETag: "635f9478-1a672"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/4.png
199.167.138.75 200 OK 15 kB URL HTTP/1.1 fpqxepggav.duckdns.org/index/4.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 345 x 144, 8-bit/color RGBA, non-interlaced
Hash 57eba58913d5c25bfe947a19b626a1b1
c0ecca5c2b7373bf2bb63212dab1e7a09fee13ff
07deff8533cfa96cb4402aa4f3591ad6011301d89dfcf50cc8112ed4432314ec
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/4.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 14757
Last-Modified: Sat, 04 Mar 2023 09:07:26 GMT
Connection: keep-alive
ETag: "64030a4e-39a5"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/1.png
199.167.138.75 200 OK 180 kB URL HTTP/1.1 fpqxepggav.duckdns.org/index/1.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 358 x 738, 8-bit/color RGBA, non-interlaced
Size 180 kB (179864 bytes)
Hash 29a6f30386d344e0efcc14770d0d1d8c
106b1a96e74148d4ace4770a6daad86c4e834f3b
66456f7cba88c621661a9e99a892a98657ff9f863598307500d53dcdd82b9235
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/1.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 179864
Last-Modified: Mon, 06 Mar 2023 07:42:22 GMT
Connection: keep-alive
ETag: "6405995e-2be98"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/3.jpg
199.167.138.75 200 OK 188 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/3.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3
Size 188 kB (188531 bytes)
Hash f1ebd37f4327ecafb79d418b055f059f
ae48973ef810b2e3624abb92b69807898017d593
3ed0fd3a419ef64bf46f9a2243664d4e6996ea656ecf00859444b7504afb5651
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/3.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 188531
Last-Modified: Mon, 31 Oct 2022 09:25:10 GMT
Connection: keep-alive
ETag: "635f9476-2e073"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/2.png
199.167.138.75 200 OK 113 kB URL HTTP/1.1 fpqxepggav.duckdns.org/index/2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 851 x 295, 8-bit/color RGBA, non-interlaced
Size 113 kB (113029 bytes)
Hash ae1ce68b80e291b2486c2f3b609ec3fc
1841dae5a2ec1248d630e05c7069f06b41d35939
17b7563c46fbac734241c73330707a3dba9ede3341470a52a66965d159dada97
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/2.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 113029
Last-Modified: Mon, 06 Mar 2023 08:11:03 GMT
Connection: keep-alive
ETag: "6405a017-1b985"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/images_osp/common/spacer.gif
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 fpqxepggav.duckdns.org/images_osp/common/spacer.gif
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/spacer.gif HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/statica/common.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
fpqxepggav.duckdns.org/statica/7.jpg
199.167.138.75 200 OK 124 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/7.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1872, components 3
Size 124 kB (123911 bytes)
Hash b1cd37bcabd72297a68bf6cfe764de4c
6c035767206f56e4efd46f65cec33d0fdfa73fd2
740f089d5e66c85349e6385bd7e8e40e62dbc5423597edd79ecc0c06f65e7373
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/7.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 123911
Last-Modified: Mon, 06 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "6405aef6-1e407"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 fpqxepggav.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_olt.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
fpqxepggav.duckdns.org/statica/6.jpg
199.167.138.75 200 OK 122 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/6.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1863, components 3
Size 122 kB (121592 bytes)
Hash cb0b9e48faa29bbfcdf5cc35f1696465
b961c9a4ef305c03131e9fe7dc70ae0245596202
66caac7d73c97b165ba3773c501546beb569529a6beb2b163aae12046a0cd4fa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/6.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 121592
Last-Modified: Mon, 06 Mar 2023 09:11:31 GMT
Connection: keep-alive
ETag: "6405ae43-1daf8"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/images_osp/common/ico/ico_window03_v2.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 fpqxepggav.duckdns.org/images_osp/common/ico/ico_window03_v2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
fpqxepggav.duckdns.org/statica/print.css
199.167.138.75 200 OK 50 B URL HTTP/1.1 fpqxepggav.duckdns.org/statica/print.css
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with no line terminators
Hash 8f05cb9cbc138924e9f3d185685ecf69
5d38247ec1bfc2d2cdbb58502f6223641c5ea1e5
480886529ebec4ab974b93a8a0bc79f88d561120fda947a3b9c2aeaff8d11a71
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/print.css HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/css
Content-Length: 50
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-32"
Expires: Sat, 25 Mar 2023 16:56:26 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/logo.png
199.167.138.75 200 OK 6.9 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/logo.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 514 x 143, 8-bit/color RGBA, non-interlaced
Hash ef6107ae35cb87273f441b64e82b6812
821cdfb9557e2bfdc8b418c0262202c563c31a08
e84d143f6e0cb21750db23f618ebd3b9514e5b7073cfb6bd94533a0aa2fb2ed8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 6850
Last-Modified: Mon, 06 Mar 2023 04:19:00 GMT
Connection: keep-alive
ETag: "640569b4-1ac2"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/3.png
199.167.138.75 200 OK 44 kB URL HTTP/1.1 fpqxepggav.duckdns.org/index/3.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 996x303, components 3; data
Hash 02d2e385d6c4d7e75ff925a7915282d5
665f598c06b062aa6fe35d4008ee228dab365dab
a68040728bae6e61ad244955677d3b00d8f1fc63af5d869efb1ae01365d83bf2
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/3.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 44107
Last-Modified: Mon, 06 Mar 2023 08:28:57 GMT
Connection: keep-alive
ETag: "6405a449-ac4b"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/index/5.png
199.167.138.75 200 OK 8.0 kB URL HTTP/1.1 fpqxepggav.duckdns.org/index/5.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 618x119, components 3; data
Hash cec083eb37249a1a1ce260600693308e
e739396204fb0a67470e71198484879fe74ec828
c031d56a3182f5025196304b980c0ffe50c3a32cae57148b809cdd06c3b4e451
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/5.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 8029
Last-Modified: Mon, 06 Mar 2023 08:31:12 GMT
Connection: keep-alive
ETag: "6405a4d0-1f5d"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/logo2.png
199.167.138.75 200 OK 51 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/logo2.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced; data
Hash c2f9b38d71fa659a844a1b2aa8f59ea6
16162794ffa73014af78b6d4bf5767e49e624ce3
c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo2.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/png
Content-Length: 51082
Last-Modified: Sat, 04 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "64030bf6-c78a"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/1.jpg
199.167.138.75 200 OK 119 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/1.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2094, components 3; data
Size 119 kB (118591 bytes)
Hash 133901678896931f743ef2d1898a28b8
861d7acdcf76447abaa0f5f9435714fb0770fb70
eb34cf472d517648b90bd22fba5156923836fb5b98a62cbb3024f206a93433cc
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/1.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 118591
Last-Modified: Mon, 06 Mar 2023 09:11:04 GMT
Connection: keep-alive
ETag: "6405ae28-1cf3f"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 fpqxepggav.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_contract_cnf.png HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
fpqxepggav.duckdns.org/statica/2.jpg
199.167.138.75 200 OK 158 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/2.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2129, components 3; data
Size 158 kB (157972 bytes)
Hash c4181b57111ba6ae847eb865cf7ca451
9eb56efd39dc96af60a119b134ec9b46b6a1e80d
c6cc0292bd3c15dd2b46d90cce3258f4a88224547cb5a5077b404d036b381db9
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/2.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 157972
Last-Modified: Mon, 06 Mar 2023 09:11:02 GMT
Connection: keep-alive
ETag: "6405ae26-26914"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
fpqxepggav.duckdns.org/statica/5.jpg
199.167.138.75 200 OK 138 kB URL HTTP/1.1 fpqxepggav.duckdns.org/statica/5.jpg
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2104, components 3; data
Size 138 kB (138352 bytes)
Hash 5b02a1521c7f166523443e0fae46dac6
084af4802b306557f667a5b316a1ec0ab33d0cde
17a10afca574e2f527f6889db45c69a2bdf3fa6a9820e5f06d6966a723049179
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/5.jpg HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 04:56:26 GMT
Content-Type: image/jpeg
Content-Length: 138352
Last-Modified: Mon, 06 Mar 2023 09:13:08 GMT
Connection: keep-alive
ETag: "6405aea4-21c70"
Expires: Mon, 24 Apr 2023 04:56:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21004
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 04:56:27 GMT
Connection: keep-alive
fpqxepggav.duckdns.org/favicon.ico
199.167.138.75 404 Not Found 146 B URL HTTP/1.1 fpqxepggav.duckdns.org/favicon.ico
IP 199.167.138.75:0
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /favicon.ico HTTP/1.1
Host: fpqxepggav.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fpqxepggav.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679720198030%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998030%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679720198036%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679721998036%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Mar 2023 04:56:27 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46ae0c32-7820-46e1-90ed-738107a0cdf3.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46ae0c32-7820-46e1-90ed-738107a0cdf3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3b0d94712547b0292164797a9a1e012c
20f9fbbd9d79edc41cdfe02e9f670c6afa3bf31f
d7123791d821bf3a41ec770c0a814e8d7b25bf6cc9d9f99bf130754391b2772d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46ae0c32-7820-46e1-90ed-738107a0cdf3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12364
x-amzn-requestid: eed5e633-8900-4d33-9676-197cb7afe5c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiu1GXXIAMFbiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-30eb694b637bd2104c05dcf7;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: H_do89fLV5BHRqnLmUuos_MMj_WGWJ5bmCmqUrfaURp531MA5nYayw==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:08 GMT
age: 25999
etag: "20f9fbbd9d79edc41cdfe02e9f670c6afa3bf31f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:13 GMT
age: 25154
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: U1WnpJASpWxPY-8kq-3g3_dKqm5l6UqhA0xUYijO5FDLGAxI2mLthg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 05:35:57 GMT
age: 84030
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4160b82-5435-4953-972b-ec17ed6cfabb.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4160b82-5435-4953-972b-ec17ed6cfabb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash a181b1a0f36b14bbd372dedf341a5bfc
f86e75abebaa04f5a32c71b333f4ffe4c558025f
ab96058001db408e27be4d86eb9e2b688ba1691f206f4639971c5eb245ea5a4b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4160b82-5435-4953-972b-ec17ed6cfabb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: 0462dd66-7dc9-4339-89a1-467b3e39b392
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzFHfIAMFVyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-452c60524b5562dc5fda941a;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: usehpOA6Rgi0ehv2QGrAOAshAu9i0q9G3Fae44xd2mRX2JPfKPR_Nw==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:11 GMT
age: 25156
etag: "f86e75abebaa04f5a32c71b333f4ffe4c558025f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9ba4de6-98de-4bbb-8cee-1e9406df15a7.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9ba4de6-98de-4bbb-8cee-1e9406df15a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 2bd487b862ec91320ede1a5c1baaa622
a8d3459c0e8da97377572f535ab66edac7aa864b
15f2c6582922c0924062cb3c8b9f4cfa8707141369a7a5202c1a3656c16077ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9ba4de6-98de-4bbb-8cee-1e9406df15a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13966
x-amzn-requestid: 76c8e3c8-5d75-4e31-95b9-cb2bb007105e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK9SEG3KoAMFsQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa8d9-6f6c7c9e762f902705821c1a;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:06:01 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: y2ApHwpvFUTMc_kEhje_SXgUJUNShd77At-BqIqPC4-4xcDZ5AJDnQ==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 07:20:42 GMT
age: 77745
etag: "a8d3459c0e8da97377572f535ab66edac7aa864b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 70169fbc493bf12f91f072aa3a30ddde
4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d
8b5fc3c8421d5696522231c3490a0853709897f5c9b645bd5e84398cf84089aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12071
x-amzn-requestid: 02bb2a93-c0aa-4d43-aa99-759a0418bc20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfGHYoAMF8BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-2258162e1901b5cd6e7144d3;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: n7Xm67vDO9_X3Xoe2HXJs4Y9dLE6cZgx16lmW7c3KHv-sOg7rZo9wg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:47:23 GMT
age: 25744
etag: "4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2