| firefox.settings.services.mozilla.com/v1/ |  143.204.55.35 | 200 OK | 939 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/ IP143.204.55.35:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashbdb8b66c705a7b996496d780f50c00b5 403ae92039fcc933870f51f913f78ccaf9652256 c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 17 Oct 2022 17:51:05 GMT
Expires: Mon, 17 Oct 2022 18:13:58 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GE-Fpg2pEBM7FlrryIo8MbFhtEdevjWKnP_xmQYBtn4QRgRMzCprsA==
Age: 2804
|
|
| zvlztmmmlf.duckdns.org/ | 45.12.138.13 | 301 Moved Permanently | 162 B |
IP45.12.138.13:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | quad9 | Sinkholed | |
GET / HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 17 Oct 2022 18:37:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://zvlztmmmlf.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| r3.o.lencr.org/ |  23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash07b3389fc24c0f8eb82a9d05b546d17e 02716741b8952e548b9a223adbb3f16204eef2b2 25e13458988115ae1f8176cb2328dbfebd612eabebf256b4af64594d5e23d6ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25E13458988115AE1F8176CB2328DBFEBD612EABEBF256B4AF64594D5E23D6CA"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11816
Expires: Mon, 17 Oct 2022 21:54:45 GMT
Date: Mon, 17 Oct 2022 18:37:49 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash533e1d53f291993ed5886f88a85c6e55 eb4396e8422f71168d32ac6ff3ef49496f625e62 0d1b73b2a228fe76bf14688e603741025a40803971e05570f873b28788334b33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D1B73B2A228FE76BF14688E603741025A40803971E05570F873B28788334B33"
Last-Modified: Mon, 17 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4954
Expires: Mon, 17 Oct 2022 20:00:23 GMT
Date: Mon, 17 Oct 2022 18:37:49 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash67d5a988edcda47bc3b3b3f65d32b4b6 d4f0e0da8b3690cc7da925026d3414b68c7d954f 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rp6UvdONfTchGC5HFKeKpXKk5WtX90gpSvcmaF1pikhPYs5C6NLRshsQ8f7H+zauypKAshs/1SQ=
x-amz-request-id: 9G9YSSQZ2XJ4WS7H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 17 Oct 2022 18:35:33 GMT
age: 136
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hasha33575326f5139cfbda75940920f7843 c1198f181722d25be3c1feb4275463f944fb7142 a669c784910886bc3087c5b709d8470aa96494bb852d42cbc6188ad9e7e2c0bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A669C784910886BC3087C5B709D8470AA96494BB852D42CBC6188AD9E7E2C0BB"
Last-Modified: Sun, 16 Oct 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21596
Expires: Tue, 18 Oct 2022 00:37:45 GMT
Date: Mon, 17 Oct 2022 18:37:49 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 143.204.55.35 | 200 OK | 329 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP143.204.55.35:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 17 Oct 2022 18:07:43 GMT
Cache-Control: max-age=3600
Expires: Mon, 17 Oct 2022 19:03:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6Cik3qfmWdXlqKWeL8VGCvQ3MFzNvqJGWSYfSvnl2ogDR-h5ehlHWQ==
Age: 1806
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/reset.css | 45.12.138.13 | 200 OK | 884 B |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/reset.css IP45.12.138.13:0
File typeCSV text\012- , ASCII text, with CRLF line terminators Hasha77d6f26781539c015b1b1d84dac9c06 6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/reset.css HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: text/css
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-374"
expires: Tue, 18 Oct 2022 06:37:49 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/index.css | 45.12.138.13 | 200 OK | 748 B |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/index.css IP45.12.138.13:0
Hash91692497e479f6cc955e4de6d627a499 bb57de5c2d4dafee21f66645d776d3064f4b79bd de36d3e9e989de40ae0bf5252af018ef55fdc0ed938042bdba11147f1127e431
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/index.css HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: text/css
content-length: 748
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-2ec"
expires: Tue, 18 Oct 2022 06:37:49 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashe4fb755d60e07b21b9622d1a0cc91426 8f990238b34279f3cf00db7fe95f5d206fcb4d36 51b75a1fd7ea5aeb42ac3e19e26ec747ab741671d252c8507febae8bbc22da5c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1637
Cache-Control: max-age=136574
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 18:37:50 GMT
Etag: "634d0d17-1d7"
Expires: Wed, 19 Oct 2022 08:34:04 GMT
Last-Modified: Mon, 17 Oct 2022 08:06:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/logo.png | 45.12.138.13 | 200 OK | 3.0 kB |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/logo.png IP45.12.138.13:0
File typePNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced\012- data Hashc6d404ecaa7646ff497deaad55392996 1c66c5caf35e3e633d1cb1e09a334362ad11f5fb bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/logo.png HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: image/png
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-b9d"
expires: Wed, 16 Nov 2022 18:37:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 34.215.56.181 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP34.215.56.181:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xqvyu+P43hQfHLq3hGqDBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ia0Cg0cMjm5L7JSJ+B4pIugbAmE=
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/syozai_icon.png | 45.12.138.13 | 200 OK | 1.3 kB |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/syozai_icon.png IP45.12.138.13:0
File typePNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced\012- data Hashd038e6e8e4472bbcf6e5dac6a23d5a0e fce966980cd73b2d732e0081b7e8dc9751db160d 5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/syozai_icon.png HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: image/png
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-511"
expires: Wed, 16 Nov 2022 18:37:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/index.png | 45.12.138.13 | 200 OK | 104 kB |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/index.png IP45.12.138.13:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x516, components 3\012- data Size104 kB (104029 bytes) Hash3b288cf2cf8b233a1f459e89dc209d79 08aa186779070d33edbca5dece75e2760dfa4065 c0315642042bbc5f62714e1bf1ee5df4fd567a38745af3c67ff09b025a56efbb
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | |
GET /static/gs_vk/index.png HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: image/png
content-length: 104029
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-1965d"
expires: Wed, 16 Nov 2022 18:37:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/banner.png | 45.12.138.13 | 200 OK | 221 kB |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/banner.png IP45.12.138.13:0
File typePNG image data, 670 x 238, 8-bit/color RGB, non-interlaced\012- data Size221 kB (220877 bytes) Hash2f987a1099c7a986fa860cf0e80d7b5d 0a3e6dfbf3b0e7d361ba9fc088e2ef7805ec0310 2fe3b5cadeb4ad9fec7ee39d1f2170c6bb656436597087aa9a582713e53bed75
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/banner.png HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: image/png
content-length: 220877
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-35ecd"
expires: Wed, 16 Nov 2022 18:37:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 |  104.18.21.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP104.18.21.226:0
Hash06d3367b95c7ce927bfa1dfd30d24f8c 07d2a19ad7cd52da795b38a65e8ad3c8dc7fb7f1 bee399183619705d475d8790520dba7a33f37a14349bdd9112d376a956034309
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 18:37:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 21 Oct 2022 17:41:38 GMT
ETag: "07d2a19ad7cd52da795b38a65e8ad3c8dc7fb7f1"
Last-Modified: Mon, 17 Oct 2022 17:41:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2929
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75bb25dbc8c41c02-OSL
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash59c9f4b6a5cb5571f7e8ec52f3548732 9bd1c495d09547b8cc983f71b90471f42ec61f94 25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13341
Expires: Mon, 17 Oct 2022 22:20:12 GMT
Date: Mon, 17 Oct 2022 18:37:51 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash59c9f4b6a5cb5571f7e8ec52f3548732 9bd1c495d09547b8cc983f71b90471f42ec61f94 25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13341
Expires: Mon, 17 Oct 2022 22:20:12 GMT
Date: Mon, 17 Oct 2022 18:37:51 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash59c9f4b6a5cb5571f7e8ec52f3548732 9bd1c495d09547b8cc983f71b90471f42ec61f94 25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13341
Expires: Mon, 17 Oct 2022 22:20:12 GMT
Date: Mon, 17 Oct 2022 18:37:51 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash59c9f4b6a5cb5571f7e8ec52f3548732 9bd1c495d09547b8cc983f71b90471f42ec61f94 25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13341
Expires: Mon, 17 Oct 2022 22:20:12 GMT
Date: Mon, 17 Oct 2022 18:37:51 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash59c9f4b6a5cb5571f7e8ec52f3548732 9bd1c495d09547b8cc983f71b90471f42ec61f94 25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13341
Expires: Mon, 17 Oct 2022 22:20:12 GMT
Date: Mon, 17 Oct 2022 18:37:51 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg | 34.120.237.76 | 200 OK | 9.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash440811a19987ddee099df289d9b61e79 ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1 1309e9dcb36858de70ef82900ec1ad429fbb795ddb9823fd1c290b18f4e2c1a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9623
x-amzn-requestid: b3d5bd8d-111b-4d50-9720-71f72c62f860
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7Q8oFLRIAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347951d-613e5e810f420e4c0ba3e6f6;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 04:33:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OA9iHADyiam26eo88jYDECifkqeBaTjsuoeHD2YOy0aZJZEGhG-xow==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 21:37:03 GMT
age: 75648
etag: "ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ae5b65-3d0a-4d73-8a6b-e8f407db78a1.jpeg | 34.120.237.76 | 200 OK | 5.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ae5b65-3d0a-4d73-8a6b-e8f407db78a1.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash89156fccf0d7e65c0ac1467e63207bdb 0c7f5be7be8d6c21d0542eb4014d560eb0aae1ec 54316b96c831d7b77fffadb7a3c7a9370d6cbe59428f5ccf89490da25e40dd7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ae5b65-3d0a-4d73-8a6b-e8f407db78a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5613
x-amzn-requestid: bffac0a6-d874-4928-838d-7f702ca7ae24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHf5VGpJoAMFVNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c79d5-2a58b7c6018952bc0967def4;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vBmUmkb1lqOcX03ln9YzL38v1HdvkWBwYjRnImNtnQYsgc5maPnlhQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 22:10:15 GMT
age: 73656
etag: "0c7f5be7be8d6c21d0542eb4014d560eb0aae1ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashdf5f38c3dc43ccc382d0274bffb6b350 9a305072cce8bb61ca3753bb98b999695fb4706e 20ff21892e65787fecbadca0f59c05e54dee3a1359271839dab0ee5c9e796ab0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6367
x-amzn-requestid: 485c3cf9-d305-4540-8eef-8304d1103ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5EHbOoAMFWsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a0-2ac206d826bf23193740e74c;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FDpKbEtkkBwyl0pq3hI50XU9_5Qk43D5_CCq2mdq6phymrT0Op_wzg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 21:50:24 GMT
age: 74847
etag: "9a305072cce8bb61ca3753bb98b999695fb4706e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F730763bb-3207-4921-9bea-b71a7356517b.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F730763bb-3207-4921-9bea-b71a7356517b.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashaf4c7c0970c0ebf00c89be5612cd1baf 04784a8026e1bfd22be9027337e24080dbf22b27 d919ce83ae2636ba64d9ed505611ee609c69720200cf580c8a57e1cbe6831681
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F730763bb-3207-4921-9bea-b71a7356517b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9765
x-amzn-requestid: 7010796c-63dd-4e04-bc47-5920d33e81dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHf5PF4poAMFe3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c79d4-239c01c42ab711c553efa72b;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 21:38:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pKiFHHn-gV4tTJmRCJ7dk6JNUZcZbxw1y8DlNiXN9-ECozll_u1PQA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 21:50:12 GMT
age: 74859
etag: "04784a8026e1bfd22be9027337e24080dbf22b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashddd17c7d44a2e136710171f237ded665 577a22b126e54bfe0e4e4ce26b0fb866bc7fe007 b1327c4f33db5488ae49b1c2f7d5b49804d4245fd0bd92c41005b9045281f2a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: c0479303-34b2-45d8-b794-4b83003312ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHjNXE81IAMFWaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c7f22-702cee0d437cbdc349efa2e8;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:01:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eT73QK1fx-IvCFC2OGRnsLRxjaEkC2w-HZr5ri2D4NRBESTD5ktWrQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 22:23:46 GMT
age: 72845
etag: "577a22b126e54bfe0e4e4ce26b0fb866bc7fe007"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57cc9e14-e4d3-48c4-a056-d13d96008e85.jpeg | 34.120.237.76 | 200 OK | 1.5 MB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57cc9e14-e4d3-48c4-a056-d13d96008e85.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size1.5 MB (1533742 bytes) Hash78bccc731d9aec529604e6a78f8dd62a 07ca0730cfbb059faa84051c37c06b7309c0f40d 68b235ce9ced657a6b05e4b2761f8f089951fbc66ba56555350328d6fdbb28c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57cc9e14-e4d3-48c4-a056-d13d96008e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 1533742
x-amzn-requestid: 08622fbf-b5da-463d-93b0-2658eec7f963
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7EhKFDKIAMFS3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347813a-1fe827a352aced1614638272;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 03:08:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tURfDDYAWPP1lNDt0zEjlfl0On0v9_jOlaOM5491WSjY4UFvETM0pA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 13:57:16 GMT
age: 16835
etag: "07ca0730cfbb059faa84051c37c06b7309c0f40d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| js.users.51.la/21240581.js |  103.143.19.103 | 200 OK | 2.3 kB |
URL HTTP/1.1js.users.51.la/21240581.js IP103.143.19.103:0 ASN#4837 CHINA UNICOM China169 Backbone
File typeASCII text, with very long lines (4898) Hash648d332a1a1b5037f4e0ebc4a16255e5 5238cd54b0126b54bd371267320e9854a1930491 07d02a0148b6511022ea5ba02eab78bf74dc6d6540974b4fcc6319d43ef67495
GET /21240581.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Mon, 17 Oct 2022 18:37:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=281ad238e8cd2a95ef4; path=/
HWWAFSESTIME=1666031869855; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| ocsp.globalsign.com/gsrsaovsslca2018 | 104.18.21.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsrsaovsslca2018 IP104.18.21.226:0
Hashe7ce90315b90b45be18c6cde96ae3dd9 6efd3370c07646b8adb1134946871632a577ca61 9541df4fad24c721f81f7fbc4e56850cf4df9b70b973b160be774812dce5b17c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 18:37:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 21 Oct 2022 15:24:19 GMT
ETag: "6efd3370c07646b8adb1134946871632a577ca61"
Last-Modified: Mon, 17 Oct 2022 15:24:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2991
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75bb25dfddfb1c02-OSL
|
|
| www.nta.go.jp/template/img/template/headerbackground.jpg | 54.230.111.22 | 200 OK | 30 kB |
URL HTTP/2www.nta.go.jp/template/img/template/headerbackground.jpg IP54.230.111.22:0
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 980x113, components 3\012- data Hashe5e2087ec026ba50dceab21313cde200 32528b75731905a34f01e6b4cdf3937f72c4098f 9f7bcb50485acc2487f525f5d0d49bf0e3c239ee0150685a621b7e84d67818c7
GET /template/img/template/headerbackground.jpg HTTP/1.1
Host: www.nta.go.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 29881
server: Apache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Fri, 30 Mar 2018 05:48:34 GMT
accept-ranges: bytes
date: Mon, 17 Oct 2022 18:37:36 GMT
etag: "74b9-5689aca6dd080"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u9kqR3aiIzZg63OXQ_6f5Z0CLfnnJcZfUnzMipFox_0sSJhmDN-fnA==
age: 16
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/favicon.ico | 45.12.138.13 | 404 Not Found | 146 B |
URL HTTP/2zvlztmmmlf.duckdns.org/favicon.ico IP45.12.138.13:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /favicon.ico HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Cookie: __tins__21240581=%7B%22sid%22%3A%201666031877439%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201666033677439%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 17 Oct 2022 18:37:52 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.21.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP104.18.21.226:0
Hash6390f91a6bc22e1905d3e7c3cb7fc42d a658ca58c6a23aa9fea22fe56aa317b047873aa7 95dc0588a7f33f9afa8131b2f2ad8554a96480e2c9ac9ee2dd68ddea1434c199
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 18:37:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 21 Oct 2022 16:17:18 GMT
ETag: "a658ca58c6a23aa9fea22fe56aa317b047873aa7"
Last-Modified: Mon, 17 Oct 2022 16:17:19 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 284
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75bb25e52bf41c02-OSL
|
|
| ia.51.la/go1?id=21240581&rt=1666031877439&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1666031877439&tt=&kw=&cu=https%253A%252F%252Fzvlztmmmlf.duckdns.org%252F&pu= | 103.143.19.103 | 200 | 0 B |
URL HTTP/1.1ia.51.la/go1?id=21240581&rt=1666031877439&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1666031877439&tt=&kw=&cu=https%253A%252F%252Fzvlztmmmlf.duckdns.org%252F&pu= IP103.143.19.103:0 ASN#4837 CHINA UNICOM China169 Backbone
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21240581&rt=1666031877439&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1666031877439&tt=&kw=&cu=https%253A%252F%252Fzvlztmmmlf.duckdns.org%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Mon, 17 Oct 2022 18:37:53 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=70cd41bdf52ea52c444; path=/
HWWAFSESTIME=1666031872097; path=/
|
|
| zvlztmmmlf.duckdns.org/ | 45.12.138.13 | 200 OK | 0 B |
IP45.12.138.13:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | quad9 | Sinkholed | |
GET / HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: text/html
last-modified: Thu, 22 Sep 2022 08:30:24 GMT
vary: Accept-Encoding
etag: W/"632c1d20-f3f"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/gs_vk/public.css | 45.12.138.13 | 200 OK | 0 B |
URL HTTP/2zvlztmmmlf.duckdns.org/static/gs_vk/public.css IP45.12.138.13:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/gs_vk/public.css HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: text/css
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
vary: Accept-Encoding
etag: W/"62f215d6-818"
expires: Tue, 18 Oct 2022 06:37:49 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/js/jquery-3.3.1.min.js | 45.12.138.13 | 200 OK | 0 B |
URL HTTP/2zvlztmmmlf.duckdns.org/static/js/jquery-3.3.1.min.js IP45.12.138.13:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: application/javascript
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-1538f"
expires: Tue, 18 Oct 2022 06:37:49 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| zvlztmmmlf.duckdns.org/static/js/jquery.cookie.js | 45.12.138.13 | 200 OK | 0 B |
URL HTTP/2zvlztmmmlf.duckdns.org/static/js/jquery.cookie.js IP45.12.138.13:0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | DynDNS domain detected | | openphish | National Tax Agency JAPAN | | | quad9 | Sinkholed | |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: zvlztmmmlf.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvlztmmmlf.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 18:37:49 GMT
content-type: application/javascript
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-c31"
expires: Tue, 18 Oct 2022 06:37:49 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|