Report - webmail.000232166.duckdns.org/

Report Overview

Submitted URL

webmail.000232166.duckdns.org/
IP

84.32.230.54

ASN

#0
Submitted

2023-04-04T21:25:44Z

Access

public
Website Title
Final URL
Tags

dyndns
urlquery detections

Suspicious - DynDNS domain

Detections

urlquery

15
Network Intrusion Detection

7
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782	2373	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413	5894	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606	238	34.117.65.55
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3246	52773	34.120.237.76
webmail.000232166.duckdns.org (14)	unknown	2023-04-04T20:12:12Z	2023-04-04T20:12:12Z	8698	127300	84.32.230.54
r3.o.lencr.org (8)	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2704	7093	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-04T21:25:32Z	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-04-04T21:25:32Z	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-04-04T21:25:32Z	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-04-04T21:25:32Z	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-04-04T21:25:32Z	medium	Client IP	84.32.230.54	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-04-04T21:25:33Z	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-04-04T21:25:33Z	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

Pretty

URL

webmail.000232166.duckdns.org/
IP

84.32.230.54:0
ASN

#0

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 13:49:11

Last Seen2023-04-05 02:10:25

Times Seen2
Hash

523bf4d24923576c3154aa2b133fed18

0c588bea98bcd43618a2ceb4738579fae0ac435b

975218521958b564e4a98480ad4d5b7764f0974ce4f3e9bed42bcaf2c40cf36e

Pretty

URL

webmail.000232166.duckdns.org/
IP

84.32.230.54:0
ASN

#0

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 01:02:37

Last Seen2023-12-04 10:33:41

Times Seen1128
Hash

f88baf75b8e07dd7ec741e96546bc4f7

a74b22312f7ce6ea751190a32f188b305f2e71e3

1e5f5c8697f7a5934a4e88d298805feb7272c5ae7b1a357b44ec0b5289b60a50

HTTP Transactions (33)

URL IP Response Size

webmail.000232166.duckdns.org/

84.32.230.54

301 Moved

122

URL HTTP/1.1

webmail.000232166.duckdns.org/
IP

84.32.230.54:0
ASN

#0

Magic

HTML document text\012- HTML document, ASCII text

Size

122
Hash

d63aaa86438e94854fc97686753d3512

bc484242e8822cd7184e517ae0e6a3c385c19a08

3894cc38547fad2a20284bf8c9f3b202e37c4381321a79f8abe407a6e811b9ef

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

                                        GET / HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-length: 122
Location: https://webmail.000232166.duckdns.org/
Content-type: text/html; charset="utf-8"
Cache-Control: no-cache, no-store, must-revalidate, private
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a4074549843769a3da3f055bcb5a78ff

f99062d34cf71bda6a9c64061fb9e61008f94021

895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3787
Expires: Tue, 04 Apr 2023 22:28:40 GMT
Date: Tue, 04 Apr 2023 21:25:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e50dac5108a698d61ca49516033d1a20

53d243b89fc00deb9bfae07351bbe36ddb7c1df3

e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17803
Expires: Wed, 05 Apr 2023 02:22:16 GMT
Date: Tue, 04 Apr 2023 21:25:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

7f03faaba3392caae6dae54467bfdf6d

57ea1f14e8bfbcca8190c706d708c9fda12442c1

02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 20:28:45 GMT
content-type: application/json
age: 3408
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

903ed2d58f1f33d069b70c4b53f1cb1f

0ef89cd6eb79a2ddd74434f9233cf486fffc1142

d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7360
Expires: Tue, 04 Apr 2023 23:28:13 GMT
Date: Tue, 04 Apr 2023 21:25:33 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

95f61d351f5fc9533cc78e255ce9bc06

fba284117f347782ac23c51d141d7e3ec15a867e

7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: YJDZBrXQeK2IoXWSSBcI2RmQNxixNEJC3FG67SJdmTPDC2RLee3kNDYGzeYhjQdHFm8xvSG0Ock9O7hDLdY7+g==
x-amz-request-id: 19P0WW9ZGQTEBJXV
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 20:53:17 GMT
age: 1936
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 21:25:33 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

webmail.000232166.duckdns.org/

84.32.230.54

200 OK

12261

URL HTTP/1.1

webmail.000232166.duckdns.org/
IP

84.32.230.54:0
ASN

#0

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10609)

Size

12261
Hash

987b5f049bb5e52ccf1fc38f65535460

7ff70d23922d37ed7965473f9ae9ea42ce90236e

cd4b3d53f174b26dda73f406fa33b7bf64149e177a34593b067c7d537aee8abe

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

                                        GET / HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-Type: text/html; charset="utf-8"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, private, no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12261
Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; HttpOnly; path=/; port=443; secure
roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
roundcube_sessauth=expired; HttpOnly; domain=webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; domain=.webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
horde_secret_key=expired; HttpOnly; domain=.webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=443; secure
PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
imp_key=expired; HttpOnly; domain=webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; domain=.webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443
horde_secret_key=expired; HttpOnly; domain=.webmail.000232166.duckdns.org; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443
roundcube_cookies=enabled; HttpOnly; expires=Wed, 03-Apr-2024 21:25:33 GMT; path=/; port=443; secure
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css

84.32.230.54

200 OK

521

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
IP

84.32.230.54:0
ASN

#0

Magic

ASCII text, with very long lines (6358), with no line terminators

Size

521
Hash

e1bfdd4fec717753479160686f7674a4

cc60323efa7a31ff4487ab6d02192a57c19352e6

a6c563b96a515ae1abcd2ae08d39552066e7374cafd2e068e14acbbe3d4c3d38

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:33 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 521
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1c682b982d1ecaa1d27cb4da560edd95

fa046ceed7b97d3893993b65490b24f718bd1d7a

4faa28c9a8c88aa88a28e8065763938a3cf81e62a244482b280a58e825f5a904

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FAA28C9A8C88AA88A28E8065763938A3CF81E62A244482B280A58E825F5A904"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5109
Expires: Tue, 04 Apr 2023 22:50:42 GMT
Date: Tue, 04 Apr 2023 21:25:33 GMT
Connection: keep-alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css

84.32.230.54

200 OK

32591

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
IP

84.32.230.54:0
ASN

#0

Magic

ASCII text, with very long lines (35968)

Size

32591
Hash

9cdb7caabaec82bdb1f609a1d6219c72

8f8071e1379083eaad9e7a70632cdfa6b91fd2e0

b0679cefeb5e472176a5eef2fa40f607ae1d2bfbc6f8a9d36ec55181efd2a9ad

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Thu, 03 Feb 2022 17:17:34 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:33 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 32591
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, ETag, Cache-Control, Retry-After, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 21:17:29 GMT
age: 484
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/webmail-logo.svg

84.32.230.54

200 OK

2399

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/webmail-logo.svg
IP

84.32.230.54:0
ASN

#0

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5359)

Size

2399
Hash

3f8fc602e3c075915f8aa0d2bb55dc76

98ca3a3d9c3eb38508c833a2b7174beccb7d906c

502fb2519ad402ebe5c349c058429bb6fe6fd06156f3551ed684133fa71e5ad7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/webmail-logo.svg HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-Type: image/svg+xml
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:33 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 2399
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-error.png

84.32.230.54

200 OK

1026

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-error.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data

Size

1026
Hash

a3265cc598ae28633c060889e790f80c

57530d6996c8f36711ef05681474b8f63d4184b3

bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-error.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:33 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:33 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1026
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-username.png

84.32.230.54

200 OK

320

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-username.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data

Size

320
Hash

07ff84f8c855e5fe9d510ff5c9a4b1e4

11c262053e2b9be57d1dba7cb3d916ef041a0e50

05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-username.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 320
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff

84.32.230.54

200 OK

22660

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff
IP

84.32.230.54:0
ASN

#0

Magic

Web Open Font Format, TrueType, length 22660, version 1.0\012- data

Size

22660
Hash

79515ad0788973c533405f7012dfeccd

5092881fad2caffdc6bf71bdab1ea547b73d3564

22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22660
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff

84.32.230.54

200 OK

22432

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff
IP

84.32.230.54:0
ASN

#0

Magic

Web Open Font Format, TrueType, length 22432, version 1.0\012- data

Size

22432
Hash

2e90d5152ce92858b62ba053c7b9d2cb

8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c

a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22432
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-info.png

84.32.230.54

200 OK

976

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-info.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data

Size

976
Hash

14146cf832470d9beca95a708a1d6f8d

d4b506f92876baea69409f3a78c4718757a53b33

95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-info.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 976
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.117.65.55:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fnHohulKWQdjDsycfJtjog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xa0idQ4v9VQc8zrEH5sVeuO6iFg=
Date: Tue, 04 Apr 2023 21:25:34 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-success.png

84.32.230.54

200 OK

962

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-success.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data

Size

962
Hash

0a0ec2a6468d4d1aa3fc2baa70271ac8

a31fb01790aca8dc1976450e4234cb6ccc328956

cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/notice-success.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 962
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-password.png

84.32.230.54

200 OK

450

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-password.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data

Size

450
Hash

7ac1cefcb7eab93c6d6981ecde6c1635

1523f8cb80ab19108549d0b7db31a58b71c05d39

a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/icon-password.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 450
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/warning.png

84.32.230.54

200 OK

1060

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1643902921/unprotected/cpanel/images/warning.png
IP

84.32.230.54:0
ASN

#0

Magic

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data

Size

1060
Hash

a64b8c7407bf94cc4448cb210bb882e7

a526cf52b2c5b6c2d0409b886de4aa968000fcd8

7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1643902921/unprotected/cpanel/images/warning.png HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1643908654/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Thu, 03 Feb 2022 15:42:01 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1060
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff

84.32.230.54

200 OK

22908

URL HTTP/1.1

webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff
IP

84.32.230.54:0
ASN

#0

Magic

Web Open Font Format, TrueType, length 22908, version 1.0\012- data

Size

22908
Hash

697574b47bcfdd2c45e3e63c7380dd67

4590722b795938e0b6ff1b99701d1abe37aeabef

26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

                                        GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: webmail.000232166.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://webmail.000232166.duckdns.org/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aYZAzOrQijFT2Qmk_%2cca3afd8e7e9b360d4d84e9945e5906a3; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:25:34 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Sat, 03 Jun 2023 21:25:34 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22908
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 21:25:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 21:25:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 21:25:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 21:25:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg

34.120.237.76

200 OK

8658

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8658
Hash

ad137bebd56918d96431d867ae123332

8572417b762ea2b1dccc3d4236336456be6be1cf

92a575b8055174a83ac1066e2ff931525760c9b96f3e588077ce0ce24a0a7b46

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8658
x-amzn-requestid: 36fb7671-bd9a-43fc-8920-c5948711d560
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNkNGjHIAMFsBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429294d-5e753ae346a583ac5cbb42f4;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:05:49 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UPNt2yE-_295UTjOFpgSxhrl1XjSOSgQVJoEf__wc0y5btcJ9dIT1w==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:35 GMT
age: 50520
etag: "8572417b762ea2b1dccc3d4236336456be6be1cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10535

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10535
Hash

790b71fc2b1faa08db8b4334c9c3f9e3

e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4

eed429169c9d3feb115463d8ead934fa348cdca60aabf0c88d4553ed23575c9c

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10535
x-amzn-requestid: 8efe600f-9818-4c23-afd3-41c5a4dece2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbFHSoAMF8HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-65e8e6fd575fdc91668d6676;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NhzzKWFDbSlLrixhTlz5sZSW4x_TPkwj7Kzt6M2m1FmXR7ZdBCCq0w==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 22:01:36 GMT
age: 84239
etag: "e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6494

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0936bac9-0505-47a5-932e-eb63ee65f17f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6494
Hash

440bc52fc1e8c12ac8264a1ee47fc525

00e85bb08fa00deac46dd33bc11e9358c948ecf5

7fd89896357506803bafdb71eccab202b1c492d6489efb4ebb05fb4b367194ad

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0936bac9-0505-47a5-932e-eb63ee65f17f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6494
x-amzn-requestid: e032a9b8-7231-424c-9bcf-3e376fac5c50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CxM52GoDoAMFnUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429f50b-5b86488c35a3bb1d297bb989;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 21:35:07 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: BcUzNKU-YO4ziNV_w26wy18Y7hrf1uLna0vTb18r-3aN1YZk234xxQ==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:53:43 GMT
age: 84712
etag: "00e85bb08fa00deac46dd33bc11e9358c948ecf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6898

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6898
Hash

80fcfbf9081b3ede0bbbb18635a9cbf4

037891066a15726bb272a8d74f96abb1520b4fe3

5cf70d8254f20aea5ca12439a4558f459d6bbf162f5e1a0f9b62e79de29d4b29

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6898
x-amzn-requestid: a56b192d-c797-4521-9af4-e3baaa8e6205
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbGsRoAMFjiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-5aeb60706595f7762c545067;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: FntrW1uzEjetZkzVLvN-VUeVu4uWI0ceRV5-OY12YFGq5LQKFfS2mg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:14 GMT
age: 84801
etag: "037891066a15726bb272a8d74f96abb1520b4fe3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6912

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6912
Hash

9d1360ec3cb182322e0a0c445f57e5b7

9f71e3cd002ca8116d917c3b7fb57291099269d1

e3d216e879d771bf2507928ba1b26465c87a4202a4cdc03483f002c2826a81b2

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6912
x-amzn-requestid: 53fcdc8a-e064-4e81-b5ac-5d0ae4bcfdb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fpuEZ-IAMFxaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b463d-3b7b43f30dd66fae5dc9ea6a;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:49 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: I29hcOKFN0L3ivDpD5pWg-Kg22Z10td_Vll6SRScTslvd__JZnJyTg==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:12 GMT
age: 84803
etag: "9f71e3cd002ca8116d917c3b7fb57291099269d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6803

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6803
Hash

fde7605b95c3ac6b8de339dbd12e17b1

b44d521b31be7b3fe378a0e070c49379a6eab26e

5496cf7c705ccc67dd13f86a07d9a352424d58591aa67afe1e1361c640f8d510

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6803
x-amzn-requestid: 6c78179f-0d11-4a23-8e86-e4f05d7c7f90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fq3HrioAMF7ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4645-758850e07ef9b1512b684c35;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:57 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: fYzW2B9Nf5JLhQdDSzDsT7h-auY41wg3PSAaSI6U68BNGvtHI99W7A==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:51:49 GMT
age: 84826
etag: "b44d521b31be7b3fe378a0e070c49379a6eab26e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

#1 JS:Script (size: 19395)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 84)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

HTTP Transactions (33)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2