qhfhrvxgtj.duckdns.org/
179.43.149.17200 OK 16 kB IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash b476ce761c1500c31c50362aa2e2b001
4ccbcf65215adebbf1a736063a50269085c648f6
4221242c1db13887821ed4600a955addd90c5ae57c8a770a628f0ff96976d597
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
X-Powered-By: PHP/7.1.33
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12026
Expires: Sun, 05 Feb 2023 12:45:28 GMT
Date: Sun, 05 Feb 2023 09:25:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13017
Expires: Sun, 05 Feb 2023 13:01:59 GMT
Date: Sun, 05 Feb 2023 09:25:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 08:33:54 GMT
content-type: application/json
age: 3068
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8320
Expires: Sun, 05 Feb 2023 11:43:42 GMT
Date: Sun, 05 Feb 2023 09:25:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FyvR4mc3Zz11mu7SlsTjiVkAj8DoB2Tzv1mAKVbRLiVI4nZHKlFWsNGSK6CnNXV6g6XMoApBHK8=
x-amz-request-id: RTAY8GPEQDM98W58
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 08:53:12 GMT
age: 1910
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,300,700
142.250.74.106200 OK 386 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lato:400,300,700
IP 142.250.74.106:0
Hash 88aba26970ea41ba4a8d4a0ec987d39e
d81dcd9677b15fd128f3b06a1e4c8047e19a659b
55040a618035f8ebaffe610905b981b9f9334ec7928395e20a0cfbdb720da3ee
GET /css?family=Lato:400,300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 05 Feb 2023 09:25:02 GMT
Date: Sun, 05 Feb 2023 09:25:02 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 09:25:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
172.67.69.29200 OK 8.3 kB URL HTTP/1.1 code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP 172.67.69.29:0
File type Unicode text, UTF-8 text, with very long lines (50806)
Hash 652781f3156417c4958cf88f5b0fd946
d7549932680e6e63ff005cf094e27f30762cc2d9
91696649e6ea1e5e2f0a1ac990482eaa301465d8302eb4a24ea8996fc2409dbc
GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 8313
Connection: keep-alive
Last-Modified: Fri, 28 Oct 2022 02:55:05 GMT
Access-Control-Allow-Origin: *
ETag: W/"635b4489-c854"
expires: Sun, 05 Feb 2023 03:40:34 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: 6E1A:8509:24D341B:26463AD:63DF2397
Via: 1.1 varnish
Age: 15473
X-Served-By: cache-bma1683-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1675573629.402251,VS0,VE1
Vary: Accept-Encoding
X-Fastly-Request-ID: 2b0a51a8d72ca7197e4712b2596e8a2ecbd987d2
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbr2dinw70IxvSAfMV6Qst9GDOH5UBi9UUQuHe7EhM4MzKG9w1cjdCrfFjiGRT7LV3Atb8K27hpa%2FvgHgvI97kQkBo2wVZrrGjS3zwmavbSnfZ3e0xRDewXv%2B7hz7lCVW2RLKQIMRO3L"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794a98b259e1b51e-OSL
alt-svc: h2=":443"; ma=60
qhfhrvxgtj.duckdns.org/css/owl.carousel.css
179.43.149.17200 OK 4.6 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/owl.carousel.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash b51416af9e8adbe3d16f5f2526aba221
097c8d67412f44534449ed4cadc6dd22b025801d
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/owl.carousel.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1206-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 4614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/css/responsive.css
179.43.149.17200 OK 2.1 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/responsive.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash e1d0cd3c8d6d29d24aef915cb4da5b29
0dd2140da190e7f9ca4bf9eec42cf6af9e268484
a6c274f085ba8d281e715ae0dfcdddee04f76196cdc71d9dc1403e91fa5c0123
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/responsive.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "80f-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/css/font-awesome.min.css
179.43.149.17200 OK 22 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/font-awesome.min.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (21822)
Hash feda974a77ea5783b8be673f142b7c88
b71d1c7c315b67c614563382d1c2a868ac14d729
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/font-awesome.min.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "55e0-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21984
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/css/main.css
179.43.149.17200 OK 18 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/main.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash 976a85850fd9c2dc8b9f67c975ee08b0
ecd2dfde1e7c5b90ddc116b8d38f14cf0c361c64
b218230494c356941b5afcb3e1f2fb8d03950b02bd79d76a935276503a53ab5e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/main.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4452-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 17490
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/css/animate.css
179.43.149.17200 OK 74 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/animate.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with CRLF line terminators
Hash 3a5e1fcbbef53d830e580efc7b32d0b1
619625d017eadd7f30156ae2237f23ae7cc3b68d
668b90c3bed422fa7ce2453a294ceb2fd81419d2ad13813d53e8501072d79f16
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/animate.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "12279-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 74361
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/js/jquery.lwtCountdown-1.0.js
179.43.149.17200 OK 5.2 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/jquery.lwtCountdown-1.0.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with CRLF line terminators
Hash 2356a2380e099ee017e2800dc1448509
e2ff5607657bd0a45c0b7765d87d502cb16bd141
47ab023691eeed8f1eff1479fb882b115dd905ca3dabd01171f0896c6a2e52dc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/jquery.lwtCountdown-1.0.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1444-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5188
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/bootstrap.min.js
179.43.149.17200 OK 29 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/bootstrap.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (28928)
Hash e1d08589ec26bec3a81625ce274d76d9
c6a8a0f02ee0ecd975226ae4b38e9660750d1f93
03bf371e3ca4739cfe6bea61f0126b7cbb94e4713e970651f9acd5acb3d9e399
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/bootstrap.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "71a9-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 29097
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/vendor/modernizr-2.6.2.min.js
179.43.149.17200 OK 15 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/vendor/modernizr-2.6.2.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type HTML document, ASCII text, with very long lines (14756)
Hash 42306a279a9e831515347ae319181cd1
d069641242e4fe1beb6de8f53a77dd964c98bce0
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/vendor/modernizr-2.6.2.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "3c36-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 15414
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 09:25:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qhfhrvxgtj.duckdns.org/js/owl.carousel.min.js
179.43.149.17200 OK 40 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/owl.carousel.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (32068)
Hash ffaa3c82ad2c6e216e68aca44746e1be
2fa7c468110fa68f1f3df6718daf971871623ee9
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/owl.carousel.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9dd1-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 40401
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/jquery.form.js
179.43.149.17200 OK 39 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/jquery.form.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash 529b65010afdc2aac6389b647908f5b8
96828fd4ab8a75a96338df88f986b36c7e754fef
800c1c83a86f7fe665ac6d49c6370e2f045f70f5c7859ef4a0e686b4759e46b3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/jquery.form.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9944-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 39236
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/jquery.nav.js
179.43.149.17200 OK 5.1 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/jquery.nav.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash a33571eb2591514e45765696e5d92c9f
e680863a86670bf2d8e0b1f5b33c267f0ddc5cd1
707a967916ff7ca8411b995ff078ee44fcbb627bbb11f067643f7a6ab7f99806
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/jquery.nav.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1412-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5138
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/vendor/jquery-1.10.2.min.js
179.43.149.17200 OK 93 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/vendor/jquery-1.10.2.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (32072)
Hash 628072e7212db1e8cdacb22b21752cda
0511abe9863c2ea7084efa7e24d1d86c5b3974f1
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/vendor/jquery-1.10.2.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "16bb3-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 93107
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/jquery.sticky.js
179.43.149.17200 OK 5.7 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/jquery.sticky.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash 1207f10dca0217442912cb14dfcac518
341a3c047fbb6916ef9f27026c239682286acea4
e2625c28848cbca930c42cf94c85201372302f87978932e468d75466addc23e6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/jquery.sticky.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1616-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5654
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
maps.googleapis.com/maps/api/js?sensor=false
142.250.74.170200 OK 53 kB URL HTTP/2 maps.googleapis.com/maps/api/js?sensor=false
IP 142.250.74.170:0
File type ASCII text, with very long lines (2590)
Hash edb66b0c04834a5a4c33a59aa5b4cdc8
c1533dfd5fc50e10f40f0aea9e76f06a4b0194ab
44e9cce5a8d885fa66012e10aa01b517d158a9a25561ea42a35c1b7813831253
GET /maps/api/js?sensor=false HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Sun, 05 Feb 2023 09:25:02 GMT
expires: Sun, 05 Feb 2023 09:55:02 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 53234
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=20
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
qhfhrvxgtj.duckdns.org/js/plugins.js
179.43.149.17200 OK 733 B URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/plugins.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash e2679049e95a7201b815c3cf004aefc4
ea250a66815d0665a9b5677991eaaba789bfc125
267f86b986829cb9a3c46b9fcdbc56783bb923005ba5ef5b27efce504e72ecfa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/plugins.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2dd-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 733
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/js/wow.min.js
179.43.149.17200 OK 8.2 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/wow.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (8152), with CRLF line terminators
Hash ed4b12ef0f7e4bf5d5ff3555d18718cb
258fa26dec8fcf4769d49eaca6712ef56923673e
3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/wow.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1ff7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 8183
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/images/logo.png
179.43.149.17200 OK 2.9 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/logo.png
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash f1cedb063e892e4a6fc28debab3991d3
7aaa53e578ee41eaa3386f4ba46d1b743cac33a7
cafcc94334619aa80a69e0f636d141a077a6637baa5d1c91a1c69754e103ad29
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/logo.png HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "b67-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2919
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
qhfhrvxgtj.duckdns.org/images/logo-2.png
179.43.149.17200 OK 3.1 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/logo-2.png
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash 34313a55d45b5d3dc82e66375ba40959
4c069abfa6830afc1f3bdcac91a578305bf724ff
1d852dd760d6559755a02a425f4c04eb324c5527aa7399a5caebdcbdc440fe63
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/logo-2.png HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c30-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 3120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
qhfhrvxgtj.duckdns.org/js/main.js
179.43.149.17200 OK 4.9 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/main.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type ASCII text, with very long lines (624)
Hash 8a7f1358e65bad790f1f1c24da310aea
aa44e2bb61cdbc57271759d77d4b7803e1ef95a0
bd6808f1443357a7c2208297567f99f4a8ba54a538d0283e105721e42b40ddbc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/main.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 08 Aug 2019 14:49:46 GMT
ETag: "12f3-58f9c2b333680"
Accept-Ranges: bytes
Content-Length: 4851
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/images/about/2.jpg
179.43.149.17200 OK 35 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/about/2.jpg
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3\012- data
Hash 0469883b7145c611a0c8e6b35c36c47a
5968d37e9b010abce7310ea7f1269f5a86a3bb8b
ac159666c682b3bb62b42ef7c40e5a8d4cac710023c8fa9cef3a2904ad21e0ae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/about/2.jpg HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "889e-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 34974
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
qhfhrvxgtj.duckdns.org/images/about/3.jpg
179.43.149.17200 OK 20 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/about/3.jpg
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3\012- data
Hash 013f04fd325d58987e2c4e08e932520d
b0a8fce45b78e22ec107795c8d17d201330c10c6
c949f61bddcf29f511f03c50ec73191ff88b9349ede7a1439aaaa98488d535ba
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/about/3.jpg HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4c50-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 19536
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 09:25:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qhfhrvxgtj.duckdns.org/images/call-to-action.jpg
179.43.149.17200 OK 43 kB URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/call-to-action.jpg
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1300x244, components 3\012- data
Hash 1e9c6392580fd69806cb33c660db4400
4390b6bb6ef3defa933440bfb724154fd3a86736
38095634a28976784e0261cb081847145b97c910b510b86ead6e46c7abf71435
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/call-to-action.jpg HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/css/main.css
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "a641-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 42561
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23236, version 1.0\012- data
Hash 716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
GET /s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://qhfhrvxgtj.duckdns.org
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 03 Feb 2023 10:45:33 GMT
Expires: Sat, 03 Feb 2024 10:45:33 GMT
Cache-Control: public, max-age=31536000
Age: 167969
Last-Modified: Tue, 26 Apr 2022 16:04:12 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://qhfhrvxgtj.duckdns.org
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 03 Feb 2023 02:11:00 GMT
Expires: Sat, 03 Feb 2024 02:11:00 GMT
Cache-Control: public, max-age=31536000
Age: 198842
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Content-Type: font/woff2
code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
172.67.69.29200 OK 110 kB URL HTTP/1.1 code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
IP 172.67.69.29:0
File type TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh\012- data
Size 110 kB (110019 bytes)
Hash fe88542d0c98a10d8c70c958d82541f8
b2c7d8fc28d6126a758378aa22bcb252e1bb2a34
0f69b635b4b7749aa0e52d46b21a3610adf40618ee1e83dc2c0653c29432c80d
GET /ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1 HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://qhfhrvxgtj.duckdns.org
Connection: keep-alive
Referer: http://code.ionicframework.com/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Content-Type: font/ttf
Content-Length: 110019
Connection: keep-alive
x-origin-cache: HIT
Last-Modified: Fri, 28 Oct 2022 02:55:05 GMT
Access-Control-Allow-Origin: *
ETag: W/"635b4489-2e05c"
expires: Fri, 03 Feb 2023 20:56:52 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: E2AA:7D7D:12CE3E2:18AAE3A:63DD7345
Via: 1.1 varnish
X-Served-By: cache-bma1652-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1675589103.789087,VS0,VE2
Vary: Accept-Encoding
X-Fastly-Request-ID: c2647fbd0bf3628994fe9e2a351d08a9bdc2ffe2
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=McDwIr%2BkGsRlb2lzDQCwxcFVbk%2FZG%2BCcMLIIYc5Lf3Xrxk%2FILTn6bMmAmuudlJSCIHJSYJS3AFbRSLf0ZReRmakaP3s%2FVxNyPqZT%2FwTo6wT9Mj%2BReEJcEVdktswhDB3GjJebnH6i6tOb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794a98b45f1c0b61-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://qhfhrvxgtj.duckdns.org
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23040
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 01 Feb 2023 06:42:09 GMT
Expires: Thu, 01 Feb 2024 06:42:09 GMT
Cache-Control: public, max-age=31536000
Age: 355373
Last-Modified: Tue, 26 Apr 2022 15:56:42 GMT
Content-Type: font/woff2
qhfhrvxgtj.duckdns.org/css/bootstrap.min.css
179.43.149.17200 OK 0 B URL HTTP/1.1 qhfhrvxgtj.duckdns.org/css/bootstrap.min.css
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/bootstrap.min.css HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1bd5b-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 114011
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
qhfhrvxgtj.duckdns.org/favicon.ico
179.43.149.17200 OK 766 B URL HTTP/1.1 qhfhrvxgtj.duckdns.org/favicon.ico
IP 179.43.149.17:0
ASN #51852 Private Layer INC
File type MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel\012- data
Hash 338abbb5ea8d80b9869555eca253d49d
63e4879d10467b4bc481a208c3a64649242a1420
36a6f4ba02692dd0d4f25aa288e598a8f36d5e1a18513f0bdbbc0ada9f5b729d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /favicon.ico HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2fe-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 09:07:20 GMT
age: 1062
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10786
Expires: Sun, 05 Feb 2023 12:24:49 GMT
Date: Sun, 05 Feb 2023 09:25:03 GMT
Connection: keep-alive
push.services.mozilla.com/
52.25.166.168101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.25.166.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9YpjMprvNxGorkoW4gL4mQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RVBpaKb0pBpioM3jmphqYbiPBQg=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sun, 05 Feb 2023 10:09:07 GMT
Date: Sun, 05 Feb 2023 09:25:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sun, 05 Feb 2023 10:09:07 GMT
Date: Sun, 05 Feb 2023 09:25:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sun, 05 Feb 2023 10:09:07 GMT
Date: Sun, 05 Feb 2023 09:25:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 41618
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 78877
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e0c38abfcd86f8074d4182d49fc354f
1367bebb73fa652695242100b26c394f1bfe4457
e42d110060133ac05e6cdfafa6473c55473220fdc7eaf03e3a89f58aa3603670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11056
x-amzn-requestid: 4acc3364-4a33-4934-bdcb-41284d952113
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFrwEW4IAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8317-33872f461a2faab552322837;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4xmWa9XVzQ3xzjzIZyrdv3GpFSaTcoacse6b0lgGch2IMvV69AZ57w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:45:28 GMT
age: 41976
etag: "1367bebb73fa652695242100b26c394f1bfe4457"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75caf9549ac23c827c10d6baabb84884
e8391e4046acb91cd4a6113974fda1c44dcd3865
a01e3a9aaa0b0fa156303bcbf38c1c45ea6abe8d0a052734b05ea4da82f176c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7060
x-amzn-requestid: 9379b64e-3a3f-4b8d-aba2-bc3cd7dab98f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3cgFCkIAMFrhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c4f-6ac6da215407497043249929;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:51 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75uKxGlJDSXzIUgR5Rm4f13SClTT1UIDLgbkTrFDEDvKmGmViQ3Djg==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:25:50 GMT
age: 39554
etag: "e8391e4046acb91cd4a6113974fda1c44dcd3865"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 20525
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: 377c182d-43e8-4251-8731-6364d29fb955
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRFs0oAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-1ad3e68f50fc15707ec0406a;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sUtUjqOLpq42m22bLgmLggmPbtatZC01og_xzkVI1o8rJtAnvhvqHA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:15:26 GMT
age: 68978
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
qhfhrvxgtj.duckdns.org/js/jquery.validate.min.js
179.43.149.17200 OK 0 B URL HTTP/1.1 qhfhrvxgtj.duckdns.org/js/jquery.validate.min.js
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /js/jquery.validate.min.js HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "5450-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21584
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
qhfhrvxgtj.duckdns.org/images/about/1.jpg
179.43.149.17200 OK 0 B URL HTTP/1.1 qhfhrvxgtj.duckdns.org/images/about/1.jpg
IP 179.43.149.17:0
ASN #51852 Private Layer INC
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images/about/1.jpg HTTP/1.1
Host: qhfhrvxgtj.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qhfhrvxgtj.duckdns.org/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 09:25:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c8c7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 51399
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg