kapthswxjg.duckdns.org/
200 OK 2.7 kB IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash dfb42051ef48382e452306aa902fb81b
e82c224d66ee820c00f055d6a3e12b6162cbd45c
bae3408a02743ed4dc1767c0b03b474996ce922175c02ae53373faa577df5cf3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/html
Last-Modified: Mon, 06 Mar 2023 09:22:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405b0db-2dbd"
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7350
Expires: Mon, 27 Mar 2023 05:39:39 GMT
Date: Mon, 27 Mar 2023 03:37:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 13f90146df1d559743af6df15c29b77b
6dd24f60629c39f857e3c996084f4d515cf3f8d0
ea5975be17b9cd29c8770939eb5d63ce43c1c44ce9a3a4d04e1e79cd69b30d1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA5975BE17B9CD29C8770939EB5D63CE43C1C44CE9A3A4D04E1E79CD69B30D1C"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11153
Expires: Mon, 27 Mar 2023 06:43:02 GMT
Date: Mon, 27 Mar 2023 03:37:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10716
Expires: Mon, 27 Mar 2023 06:35:45 GMT
Date: Mon, 27 Mar 2023 03:37:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 27 Mar 2023 03:27:56 GMT
content-type: application/json
age: 553
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ze2eQUCYO9Nb+CY9Ff5UH6XsSBHCYE8QtbDQLJ1HP2rRZY1/0lIr1oLFgc8b4nUkEPqLNrbQoA4=
x-amz-request-id: 0R3JT67QREN10MJD
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 27 Mar 2023 02:55:37 GMT
age: 2492
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 03:37:09 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
kapthswxjg.duckdns.org/index/patch.css
200 OK 103 B URL HTTP/1.1 kapthswxjg.duckdns.org/index/patch.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
Hash 9fb36388079d1c1bcacf56a90667c2b7
34b6de188790e1966c7b7773a3267c9c476506fb
aa85e2bfb22009a9794ce022df9bfcd89a185078bab1d8d5bbe65c9cbe5ce2cb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/patch.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 103
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Connection: keep-alive
ETag: "634fdab0-67"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/index/common1.css
200 OK 734 B URL HTTP/1.1 kapthswxjg.duckdns.org/index/common1.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with CRLF line terminators
Hash dee10f0aebfbcff35bfd219678bb42d2
007221fb5e14cf49a68a825829ad0cf7dcf9d3c1
fe095b5438bf3dec091300675825326599067866d735410fcf9d05ca8d084a34
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/common1.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 734
Last-Modified: Mon, 06 Mar 2023 07:43:54 GMT
Connection: keep-alive
ETag: "640599ba-2de"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/1.js
200 OK 2.4 kB URL HTTP/1.1 kapthswxjg.duckdns.org/1.js
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
Hash 02ffef9274ad266daf86135590207648
97511eb0f9946b7f24b4eb0056ea424a22d039f4
518dffabe0fbd648363e37926e18b8070c26008c7fc9b6eb241a7abe899bdabc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /1.js HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 Mar 2023 10:02:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640c51ae-1322"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/index/autop2022.css
200 OK 12 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/autop2022.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f1f175ba60778d6c5edc6810a383f093
f3081243b57871612536be750fcc0d65cd88a3b3
4f891d9203c8ad76ee6172b4a479776de4ef4e983994401954950d4bb0cb1996
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/autop2022.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:17:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdcce-10597"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/index/floating_bnr.css
200 OK 1.4 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/floating_bnr.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 193d7f2e6dcd5d6b9e4d5b63e011f654
7c0ba3256ec449b6c8b09b91a26ef0bd0fd7da4b
14ab9a46560e9dd39cd5ee2261463b5b08b96ced4a690b833fe9f8ad57b8c398
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/floating_bnr.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-1066"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/2.js
200 OK 2.4 kB URL HTTP/1.1 kapthswxjg.duckdns.org/2.js
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4898), with no line terminators
Hash 329721f20b80af5fb1280099bddaac27
688f423b54134281a440627a7908e69eb1689251
f7a4acf7f43557ae3c016efc567b7a6ba4e8570d7bf38084b13dc5816805b2a9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /2.js HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Mar 2023 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6401c5a0-1322"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/web_font.css
200 OK 659 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/web_font.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 44afde52eb764fb8dc3bdc93fa5bc5de
2ba406581c1ec0adc6ea7d38a30e034b33ba50d3
7063c94b5d36c1dd766ee9b4988a6aaaa4646172d15e6fa79d1ab2927a9b7885
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/web_font.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-60b"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/common.css
200 OK 757 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/common.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (1310), with no line terminators
Hash e02bbaac73c3252d7ce5a435be84b161
47837f273a056846417d6a3bbe6afbdcda6eebd8
3ab34e599d64d5d3fc91d4e767bbb417b15d443f5fa27b57d1b8ab6f2246c4d4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-532"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/common_smt.css
200 OK 2.7 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/common_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (10295), with no line terminators
Hash d0927936c38bfcd930ca3da5e3c52ee5
4a8b8ad3ad04e9f64f869a835a98140af50db2ec
2aeb6dec6853b6defb556ff554d1af44ecda6e43600cfcad62867a7a2833dbeb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/common_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-2839"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/header_smt.css
200 OK 4.1 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/header_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash a36d01f2f8d693c5c0a054f807c180cf
7cfe2395344f2fdf1750a470369921187bdd8655
310614b9193a3a6423407d04b0ac36d46e9c3907973d687b9452370c8b807450
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 03:42:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6405611a-4523"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/footer_smt.css
200 OK 1.8 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/footer_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (6309), with no line terminators
Hash 843e7c6c055493afb4ad28904f9fd86c
a2270b1eb98446c961f0dec5a2b26b0ff622a1f6
e9a9e847a9d04c9b2869916c5aa1a2e830463ca28350a5a417a029fff3b201fc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/footer_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-18b9"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
200 OK 115 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type assembler source, Unicode text, UTF-8 text, with very long lines (562), with CRLF, LF line terminators
Size 115 kB (114640 bytes)
Hash 54598c23fa78de05f6527eed7fa80ed1
7085981e4eb347229902592d30938ca8afd2173c
e98998c04d029654b75d8b37747be6e462e92b4f91d9cfee6682f84c0677bc9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/clientlib-base.min.d9d23f388ff7b590ff7ec23366ca0e99.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 11:08:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634fdab0-de4ea"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/parts.css
200 OK 460 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/parts.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (460), with no line terminators
Hash e00eaa3e7d77d4e20ddf0474a2fb6f29
fc6083084099010bd8ff85ac030a0e8dfe546df3
888c0ace157d7afb5bc31a14f45892880dd9df7a9ff7fc664e36edf413b95523
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 460
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-1cc"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/parts_smt.css
200 OK 12 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/parts_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (57426), with no line terminators
Hash ff1cb1d0787b0bec22ed7b8b043100b4
11e0eb3d35e94aad982f5bd35869504e115eb679
992c3c568b3258263703649984f31a487b5a25d0698e6c606b851e435a9058d2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-e056"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/header_banner_smt.css
200 OK 655 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/header_banner_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (1883), with no line terminators
Hash 032a9ee46864dbe108b7bba2b6871471
d1ddc8b64b623190429eda145c6650492917403e
82081cc7ef7b6c07a1053633ae29a647ad3b92b10360dd7c10379f6a782ad55e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_banner_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-75b"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/header_branding_smt.css
200 OK 846 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/header_branding_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash a361c29b4c965358cde21dc4e9305dcc
819bbc08ba6f276426d44065f6d2c64f4984fe89
c712b74e16642d38fe20458cb5b166408345b2ef195c611d0b3862deee6fc1aa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_branding_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 846
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Connection: keep-alive
ETag: "634faef2-34e"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/dynavi_smt.css
200 OK 694 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/dynavi_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash c7e1ee0df3ac5772ea986fa4f8ecdebb
7d20151c9d567ada03df72c00e2f86fc89748eb1
e1bce97a9478d60f3ab8029dee7bfbba9731a6c72daddead66fc923faac48c60
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/dynavi_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef2-6f5"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/KDDIto_faq_api_smt.css
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/KDDIto_faq_api_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/KDDIto_faq_api_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
kapthswxjg.duckdns.org/statica/chat_tool_smt.css
200 OK 2.8 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/chat_tool_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 37aaa7f5615d074bc553efd229e73e86
b7bdf072c7b46e3db234e5dec0792538d3e7a533
bc7a8fe2846adb6fea1d26b69443cd1abbd622bbd073e7b445fa46342dc3f7a2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/chat_tool_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-27ad"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/add_modules_smt.css
200 OK 1.3 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/add_modules_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 1c72c54c8c25879029967d3b1bdcd731
d99e365e83b8a9d9b9a24afe567b6650e45dc9e7
043840fba7b9eba375430a5d4c25eca76e78bfac591a7069a255716d75852140
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/add_modules_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-11fd"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/osp_parts_ex_smt.css
200 OK 1.1 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/osp_parts_ex_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (4454), with no line terminators
Hash 2c1d9b4379f5d13dec96a1b31c2c8d8d
4ffc40dde93db4259381bb655236a5a48bd94f4d
e27b999510bd8ad3f0f6dc0525d2a83b888ccdf2e3fc85329f73f7a38920d015
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/osp_parts_ex_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-1166"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9468
Expires: Mon, 27 Mar 2023 06:14:57 GMT
Date: Mon, 27 Mar 2023 03:37:09 GMT
Connection: keep-alive
kapthswxjg.duckdns.org/statica/parts_smt-v2-btn.css
200 OK 592 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/parts_smt-v2-btn.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash e63ea98f8d1d1bfb1c7f4fbf7ec29ddc
4756a4950b86b3ac17cca82ce5df9107354fe09b
a36dfbd6e559511bf92a90434c1084b55e187b2dcbf18b2373add5e907f11e9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2-btn.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 592
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-250"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 27 Mar 2023 03:17:24 GMT
age: 1185
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
kapthswxjg.duckdns.org/statica/new_footer_user_assessment_log.css
200 OK 1.8 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/new_footer_user_assessment_log.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (9069), with no line terminators
Hash 3266b365ae2e86e1c4b91925158a6ea0
e1785a5abdc9c771fd06045dd45ec595973ac981
48532e50ca8e1536424163ed9bb676d118a54cb455763165ee1a330f63ad3998
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/new_footer_user_assessment_log.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-236d"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/font.css
200 OK 224 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/font.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9e271e79969e236d11e5d6c330a27e4c
f3228388293e37e68c505d8675a7424e48f83c92
49ecd30e8a9dcb12ef68f5924d107e7b36a0b5cff4ff85c5bace3e53a2c18390
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/font.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Content-Length: 224
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-e0"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/slick.css
200 OK 1.4 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/slick.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (4948), with no line terminators
Hash 88b54e9bef8c3f14fa0081cfd81c2ee9
f37ba369a45a01e0671140504acddb4ef6890785
b0aa74dcf071abf7dc9ea273e9ba06a6731225cbf30d5b171c4ef28cabac3476
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/slick.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef4-135c"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/index_smt.css
200 OK 1.2 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/index_smt.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash 19709a1db45f457eaae000605a66c81b
49107bd2722d4b8a63cf89f911bcec873295d5cd
3d167140b32d1b80d641a51114a3f70c1ca070efa26336b8327d371ab2fdf2c0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/index_smt.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:01:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faef6-1025"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/style.css
200 OK 9.1 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/style.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash c11a448cf6d6782004873cbd74bcb3c6
97b3b4dbc45777cfee7df6c52ded36f739909c6b
ee93089b021892132b602ee8fbe29753d23111de8e7f7c14d0b5747e714f1a2d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/style.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64056790-f213"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/l3-base.css
200 OK 6.4 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/l3-base.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (41105), with CRLF line terminators
Hash 97abe39b078280fdeac27588893a4184
15d5b284fd065a14aa3dd6c1ef3e1240ff84bbb3
d7d0922c62255f3cb0142c19e6724e3bdae800c9e6d3d5050d5720a610d20ce7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3-base.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-a093"
Expires: Mon, 27 Mar 2023 15:37:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/rf2-style.css
200 OK 8.3 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/rf2-style.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (37237)
Hash 7d756a6c2884ef06889eb91355f6548a
2e4c1667f6243e63e5bcca8e81416d0e8bfb6506
a7961973c41d4bb9c92e7213db5708b2a176c74097abffe6512aeda20322e25c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/rf2-style.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6e-91d6"
Expires: Mon, 27 Mar 2023 15:37:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/header_dpoint_area.css
200 OK 2.0 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/header_dpoint_area.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
Hash d2d019a46a5af2d55d12762ca9c52311
dcf6961dc5c9f240577d9087ece402c36fb456ae
2c48ae8127ffedd014586e15746ad32037e043a822e3e71646b41521f7cc8d4e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/header_dpoint_area.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faefe-2472"
Expires: Mon, 27 Mar 2023 15:37:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/statica/parts_smt-v2.css
200 OK 45 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/parts_smt-v2.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type Unicode text, UTF-8 text, with very long lines (8432)
Hash d08aa4e09fbd9fc0e4b37cd033bff0be
d88de5246609ba1a9de33e3c9c3c291bc1191a1c
23be5f5acea35bb353d55b7bc4055a664c40972cc4082c253cf843453481eb06
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/parts_smt-v2.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:09 GMT
Content-Type: text/css
Last-Modified: Mon, 06 Mar 2023 04:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"640566f2-6bf0e"
Expires: Mon, 27 Mar 2023 15:37:09 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 59BI8zvYqhAGrbTx9Roq3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TpryfZkNkvbtx88/OV1HOGw332E=
kapthswxjg.duckdns.org/statica/l3.css
200 OK 58 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/l3.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with very long lines (65536), with no line terminators
Hash 30ba2bd45c9c1f382f477bb670a2938c
8433af88f080303a8fe4a52ddb25cfe515aa23e1
3c57efc25b49e7511e4f922301f598bb3982e030d6d599387b9dc75954380f35
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/l3.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 08:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"634faf6c-9bab0"
Expires: Mon, 27 Mar 2023 15:37:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kapthswxjg.duckdns.org/index/5.png
200 OK 8.0 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/5.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 618x119, components 3\012- data
Hash cec083eb37249a1a1ce260600693308e
e739396204fb0a67470e71198484879fe74ec828
c031d56a3182f5025196304b980c0ffe50c3a32cae57148b809cdd06c3b4e451
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/5.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 8029
Last-Modified: Mon, 06 Mar 2023 08:31:12 GMT
Connection: keep-alive
ETag: "6405a4d0-1f5d"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/logo.png
200 OK 6.9 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/logo.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 514 x 143, 8-bit/color RGBA, non-interlaced\012- data
Hash ef6107ae35cb87273f441b64e82b6812
821cdfb9557e2bfdc8b418c0262202c563c31a08
e84d143f6e0cb21750db23f618ebd3b9514e5b7073cfb6bd94533a0aa2fb2ed8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 6850
Last-Modified: Mon, 06 Mar 2023 04:19:00 GMT
Connection: keep-alive
ETag: "640569b4-1ac2"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/index/4.png
200 OK 15 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/4.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 345 x 144, 8-bit/color RGBA, non-interlaced\012- data
Hash 57eba58913d5c25bfe947a19b626a1b1
c0ecca5c2b7373bf2bb63212dab1e7a09fee13ff
07deff8533cfa96cb4402aa4f3591ad6011301d89dfcf50cc8112ed4432314ec
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/4.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 14757
Last-Modified: Sat, 04 Mar 2023 09:07:26 GMT
Connection: keep-alive
ETag: "64030a4e-39a5"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/6.jpg
200 OK 122 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/6.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1863, components 3\012- data
Size 122 kB (121592 bytes)
Hash cb0b9e48faa29bbfcdf5cc35f1696465
b961c9a4ef305c03131e9fe7dc70ae0245596202
66caac7d73c97b165ba3773c501546beb569529a6beb2b163aae12046a0cd4fa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/6.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 121592
Last-Modified: Mon, 06 Mar 2023 09:11:31 GMT
Connection: keep-alive
ETag: "6405ae43-1daf8"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/5.jpg
200 OK 138 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/5.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2104, components 3\012- data
Size 138 kB (138352 bytes)
Hash 5b02a1521c7f166523443e0fae46dac6
084af4802b306557f667a5b316a1ec0ab33d0cde
17a10afca574e2f527f6889db45c69a2bdf3fa6a9820e5f06d6966a723049179
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/5.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 138352
Last-Modified: Mon, 06 Mar 2023 09:13:08 GMT
Connection: keep-alive
ETag: "6405aea4-21c70"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/print.css
200 OK 50 B URL HTTP/1.1 kapthswxjg.duckdns.org/statica/print.css
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type ASCII text, with no line terminators
Hash 8f05cb9cbc138924e9f3d185685ecf69
5d38247ec1bfc2d2cdbb58502f6223641c5ea1e5
480886529ebec4ab974b93a8a0bc79f88d561120fda947a3b9c2aeaff8d11a71
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/print.css HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/css
Content-Length: 50
Last-Modified: Wed, 19 Oct 2022 08:01:56 GMT
Connection: keep-alive
ETag: "634faef4-32"
Expires: Mon, 27 Mar 2023 15:37:10 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
kapthswxjg.duckdns.org/index/3.png
200 OK 44 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/3.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 996x303, components 3\012- data
Hash 02d2e385d6c4d7e75ff925a7915282d5
665f598c06b062aa6fe35d4008ee228dab365dab
a68040728bae6e61ad244955677d3b00d8f1fc63af5d869efb1ae01365d83bf2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/3.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 44107
Last-Modified: Mon, 06 Mar 2023 08:28:57 GMT
Connection: keep-alive
ETag: "6405a449-ac4b"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/index/2.png
200 OK 113 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/2.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 851 x 295, 8-bit/color RGBA, non-interlaced\012- data
Size 113 kB (113029 bytes)
Hash ae1ce68b80e291b2486c2f3b609ec3fc
1841dae5a2ec1248d630e05c7069f06b41d35939
17b7563c46fbac734241c73330707a3dba9ede3341470a52a66965d159dada97
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/2.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 113029
Last-Modified: Mon, 06 Mar 2023 08:11:03 GMT
Connection: keep-alive
ETag: "6405a017-1b985"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/images_osp/common/spacer.gif
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/images_osp/common/spacer.gif
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/spacer.gif HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/statica/common.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
kapthswxjg.duckdns.org/images_osp/common/ico/ico_window03_v2.png
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/images_osp/common/ico/ico_window03_v2.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_window03_v2.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
kapthswxjg.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/images_osp/common/ico/ico_conversion_olt.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_olt.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
kapthswxjg.duckdns.org/statica/logo2.png
200 OK 51 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/logo2.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced\012- data
Hash c2f9b38d71fa659a844a1b2aa8f59ea6
16162794ffa73014af78b6d4bf5767e49e624ce3
c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/logo2.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 51082
Last-Modified: Sat, 04 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "64030bf6-c78a"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/1.jpg
200 OK 119 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/1.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2094, components 3\012- data
Size 119 kB (118591 bytes)
Hash 133901678896931f743ef2d1898a28b8
861d7acdcf76447abaa0f5f9435714fb0770fb70
eb34cf472d517648b90bd22fba5156923836fb5b98a62cbb3024f206a93433cc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/1.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 118591
Last-Modified: Mon, 06 Mar 2023 09:11:04 GMT
Connection: keep-alive
ETag: "6405ae28-1cf3f"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/2.jpg
200 OK 158 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/2.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x2129, components 3\012- data
Size 158 kB (157972 bytes)
Hash c4181b57111ba6ae847eb865cf7ca451
9eb56efd39dc96af60a119b134ec9b46b6a1e80d
c6cc0292bd3c15dd2b46d90cce3258f4a88224547cb5a5077b404d036b381db9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/2.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 157972
Last-Modified: Mon, 06 Mar 2023 09:11:02 GMT
Connection: keep-alive
ETag: "6405ae26-26914"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/4.jpg
200 OK 108 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/4.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3\012- data
Size 108 kB (108146 bytes)
Hash c7103846b240db4c449ca632246fc3de
c4653a081ded64797cb3c53bd3449e171571fa50
3c77e423b78ac676aa2de3bfe1e51813fcfaea7975a3a206e82f25b98c61c305
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/4.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 108146
Last-Modified: Mon, 31 Oct 2022 09:25:12 GMT
Connection: keep-alive
ETag: "635f9478-1a672"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/index/1.png
200 OK 180 kB URL HTTP/1.1 kapthswxjg.duckdns.org/index/1.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type PNG image data, 358 x 738, 8-bit/color RGBA, non-interlaced\012- data
Size 180 kB (179864 bytes)
Hash 29a6f30386d344e0efcc14770d0d1d8c
106b1a96e74148d4ace4770a6daad86c4e834f3b
66456f7cba88c621661a9e99a892a98657ff9f863598307500d53dcdd82b9235
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index/1.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/png
Content-Length: 179864
Last-Modified: Mon, 06 Mar 2023 07:42:22 GMT
Connection: keep-alive
ETag: "6405995e-2be98"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/images_osp/common/ico/ico_conversion_contract_cnf.png
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /images_osp/common/ico/ico_conversion_contract_cnf.png HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/statica/parts_smt-v2.css
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
kapthswxjg.duckdns.org/statica/7.jpg
200 OK 124 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/7.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1872, components 3\012- data
Size 124 kB (123911 bytes)
Hash b1cd37bcabd72297a68bf6cfe764de4c
6c035767206f56e4efd46f65cec33d0fdfa73fd2
740f089d5e66c85349e6385bd7e8e40e62dbc5423597edd79ecc0c06f65e7373
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/7.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 123911
Last-Modified: Mon, 06 Mar 2023 09:14:30 GMT
Connection: keep-alive
ETag: "6405aef6-1e407"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/statica/3.jpg
200 OK 188 kB URL HTTP/1.1 kapthswxjg.duckdns.org/statica/3.jpg
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3\012- data
Size 188 kB (188531 bytes)
Hash f1ebd37f4327ecafb79d418b055f059f
ae48973ef810b2e3624abb92b69807898017d593
3ed0fd3a419ef64bf46f9a2243664d4e6996ea656ecf00859444b7504afb5651
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /statica/3.jpg HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 03:37:10 GMT
Content-Type: image/jpeg
Content-Length: 188531
Last-Modified: Mon, 31 Oct 2022 09:25:10 GMT
Connection: keep-alive
ETag: "635f9476-2e073"
Expires: Wed, 26 Apr 2023 03:37:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kapthswxjg.duckdns.org/favicon.ico
404 Not Found 146 B URL HTTP/1.1 kapthswxjg.duckdns.org/favicon.ico
IP
ASN #15162 NETMINDERS-SERVER-HOSTING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /favicon.ico HTTP/1.1
Host: kapthswxjg.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kapthswxjg.duckdns.org/
Cookie: __tins__21567219=%7B%22sid%22%3A%201679888246943%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046943%7D; __51cke__=; __51laig__=2; __tins__21562311=%7B%22sid%22%3A%201679888246952%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679890046952%7D
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Mar 2023 03:37:11 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20372
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 03:37:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20372
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 03:37:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20372
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 03:37:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20372
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 03:37:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb2d1b24-5d13-4a28-9a31-f6dbc83f77fa.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb2d1b24-5d13-4a28-9a31-f6dbc83f77fa.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 871b83a693b8e856658d5382f476c82b
b95a95d2bee6bdac0f5e4134d97bf9270a1d15b9
a4f545d50ba4aa356f387650b2020395570d5b4e0ffc43378320ad57dc041081
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb2d1b24-5d13-4a28-9a31-f6dbc83f77fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9397
x-amzn-requestid: e5acdea1-e57c-426d-a2b5-9efed8b05322
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRi7jFH_oAMFqYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d4b7c-7b1d92f0181b9a945fc5087c;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 07:04:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: WOa92gQL0vhX6U7oqTxpTPAXHCdnMkEva-IT02RY2uz48KV88cK2Vw==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 08:21:59 GMT
age: 69312
etag: "b95a95d2bee6bdac0f5e4134d97bf9270a1d15b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F182d8f65-a14c-4dba-9dad-8a8912930472.jpeg
200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F182d8f65-a14c-4dba-9dad-8a8912930472.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 980cf4548b4f56b291f342f7ea110e8d
7f65e1a75b904698a32f707c120a087ff70822a3
35ebf1cfbc726fac9d8368ce88b4d24e1a4e6e4d413aa06326be0ba4ecffbcbc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F182d8f65-a14c-4dba-9dad-8a8912930472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4619
x-amzn-requestid: 217befa4-2fbb-416d-866c-856126df7be1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK99mFBYoAMFntg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa9f0-14b2c09249bc8f2d00883576;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:10:40 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KDi1pAvpxvgiuG1b2mwvDdPkATB8Lz8O4HhIv1GRZzko6ZTi4UxuWQ==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:58:21 GMT
age: 20330
etag: "7f65e1a75b904698a32f707c120a087ff70822a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d7b21f2-676f-4c51-b4dc-6a2a91111f85.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d7b21f2-676f-4c51-b4dc-6a2a91111f85.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b49b3235ad6ed6c8298bd2c57f29d60a
69db0c4055e9d5b00fc5316179ce50c2adfd7b28
87409358baa3fd963bd17987771d0046709f38797aadb18082a45cc1d815c8e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d7b21f2-676f-4c51-b4dc-6a2a91111f85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10873
x-amzn-requestid: c12b388d-f1c9-4828-b9a5-a0bbe95c0bd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CYIxhHaIIAMF9eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641fee6f-41ba3d8131251f1e53e803e6;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 07:04:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nnul5a6-gJuK46BFYUqApgxTsyV3xED5myTYfRDYkfHyMNO0baHZbg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 07:13:02 GMT
age: 73449
etag: "69db0c4055e9d5b00fc5316179ce50c2adfd7b28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2fcfac9-c8d3-433b-bca1-fc4cc01b74e5.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2fcfac9-c8d3-433b-bca1-fc4cc01b74e5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8613d9a5ad5db82302da111c87e69854
3ebae7c6f761885b671f744ab3eced168eeaaacc
cda7548c1074a6511230502deefc18f387eb92b850d8f6cd950895a365eb9d85
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2fcfac9-c8d3-433b-bca1-fc4cc01b74e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7261
x-amzn-requestid: c4a9b3c7-2555-4727-9986-9b251e684bd8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CaIOHFTRIAMF0qA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6420ba5a-14b9f548565823bb76cbf1c3;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 21:34:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: gxqEwiG77PNfekjEfngOspKeZrJh5Czup43-Y-sxnTrMasdtwMP3SA==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:49:30 GMT
age: 20861
etag: "3ebae7c6f761885b671f744ab3eced168eeaaacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: CgU9j02Bnw0UdIwQ3sRCDvJoPitHIAUTRDhLH_PMXYlAPoAwSbv6Iw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 05:35:57 GMT
age: 79274
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41064d22-9f70-411e-91aa-7e0a674de775.jpeg
200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41064d22-9f70-411e-91aa-7e0a674de775.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59cfc46accc666e25bf7e7eeea58e7da
0e765a10bd03159dff4374d7ec47e3d8634b7167
373a384a3d73e3cb60c41ceea7ca11add588d52722a54cec00ef2e585d8cfa72
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41064d22-9f70-411e-91aa-7e0a674de775.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5509
x-amzn-requestid: fd8b16f0-3705-4657-a8a3-5d7af384c55f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CSKPKGqLoAMFuQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d8a60-37a5cc0431ab213b607dd843;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 11:32:48 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qPiUtML5ETIeqB7RZcF19Veyh5_yGmhXdmi8QNk-m9klPWK3fGeyRw==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 08:02:45 GMT
age: 70466
etag: "0e765a10bd03159dff4374d7ec47e3d8634b7167"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
199.167.138.75
44.235.86.161
23.36.77.32