r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
cd2bda30513692aa11a672c6a599935d
a944c3aa26b461063194a4bb95ce427d23a32d03
d975d1eab40c9fe4986ae0675d79e4f982eb9c0e2f503ca72b3bdf0ec9e7dfdc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D975D1EAB40C9FE4986AE0675D79E4F982EB9C0E2F503CA72B3BDF0EC9E7DFDC"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11349
Expires: Wed, 28 Dec 2022 11:03:21 GMT
Date: Wed, 28 Dec 2022 07:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4470
Expires: Wed, 28 Dec 2022 09:08:42 GMT
Date: Wed, 28 Dec 2022 07:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
b2d59bdbb1ca6324590988ec031cf1fc
bfd4e25af37dcde4bac38d9b178c5ac8e50f8834
cef2180120ef42ff09d54577229c058d41d2c569d485f5a6dcfadc74bf8aa647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF2180120EF42FF09D54577229C058D41D2C569D485F5A6DCFADC74BF8AA647"
Last-Modified: Mon, 26 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Wed, 28 Dec 2022 08:38:30 GMT
Date: Wed, 28 Dec 2022 07:54:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 28 Dec 2022 07:46:45 GMT
content-type: application/json
age: 447
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
Magic
PEM certificate\012- , ASCII text
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LFdrtlvaaEh1MhMYxFwgjfURnxOBw8Vs4z9ZbJh954ZeQkF7HW665EIYlTwn7ZcLKd200zMACks=
x-amz-request-id: BVM26QACG0MJH1ND
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 28 Dec 2022 06:56:03 GMT
age: 3489
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Dec 2022 07:54:12 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
alaskaus1a.dynamic-dns.net/dee19550f83660f1db5f958ef4763a5e/?cont=QERldmlsbWFzazA5&token=2cdfe0b3db95b783b519a00f59dcb481beecedd27827f66705cb16aa18a7c7e8c20b9face4d231cdf9fdfb3cb837fda43d076934a007afab7cdc7cb5c902e15b
137.184.184.135
302 Found
0
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/dee19550f83660f1db5f958ef4763a5e/?cont=QERldmlsbWFzazA5&token=2cdfe0b3db95b783b519a00f59dcb481beecedd27827f66705cb16aa18a7c7e8c20b9face4d231cdf9fdfb3cb837fda43d076934a007afab7cdc7cb5c902e15b
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /dee19550f83660f1db5f958ef4763a5e/?cont=QERldmlsbWFzazA5&token=2cdfe0b3db95b783b519a00f59dcb481beecedd27827f66705cb16aa18a7c7e8c20b9face4d231cdf9fdfb3cb837fda43d076934a007afab7cdc7cb5c902e15b HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 07:54:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9; path=/
Location: ../index.php
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150
200 OK
329
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 28 Dec 2022 07:08:08 GMT
age: 2764
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29
200 OK
471
IP
93.184.220.29:0
Hash
60b8396db0bbfa5f2ae7e34c9d04ebcc
50b6c68aa2b2a459315a9989f5d3e326e8ad5539
c10a1e0f984b121958a5cfa3b45b746db85d33c9073fcacb019d9bb27ef3b073
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3050
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:12 GMT
Last-Modified: Wed, 28 Dec 2022 07:03:22 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
alaskaus1a.dynamic-dns.net/index.php
137.184.184.135
302 Found
0
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/index.php
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /index.php HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 07:54:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 1086f9d67deb905989e831367a0726a0?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
137.184.184.135
301 Moved Permanently
436
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash
d81337c2e70b1d78e002a98c2c04f381
dad87cee9cb13392c331ccfe16ab29a89a5af197
9c3d7d644cf172ace5ea28500c4b5a084b641dea3802b97e783bcd7785b0d0e9
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7 HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Location: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Content-Length: 436
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
push.services.mozilla.com/
52.35.143.109
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
52.35.143.109:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tEihLHd9bDTs1jZHSxdgRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 968MRAk+9iWtUJtFXqqdV3239XY=
ocsp.digicert.com/
93.184.220.29
200 OK
279
IP
93.184.220.29:0
Hash
aaa1370e3342c33327dfd816c73e1435
8fb6511de801b02b33ba5b922ef11a841acb3e5a
f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3474
Cache-Control: max-age=134923
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:13 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:22:56 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29
200 OK
279
IP
93.184.220.29:0
Hash
aaa1370e3342c33327dfd816c73e1435
8fb6511de801b02b33ba5b922ef11a841acb3e5a
f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3474
Cache-Control: max-age=134923
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:13 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:22:56 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29
200 OK
279
IP
93.184.220.29:0
Hash
3130754e3b8ed3b210e00966aa579f0e
8d5b8f398fb17b9de7b8c825dd8d7eccfc1d9587
fffa7d428ef47447418b322ab16b038dd3a277639d8852a51de2c7de8d15fa3c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5926
Cache-Control: max-age=86641
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:13 GMT
Etag: "63aa8e70-117"
Expires: Thu, 29 Dec 2022 07:58:14 GMT
Last-Modified: Tue, 27 Dec 2022 06:19:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14
200 OK
5631
URL
HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:0
Magic
ASCII text, with very long lines (30837)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:13 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 558126
expires: Mon, 18 Dec 2023 07:54:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHr%2Br%2BwiF4sqCWdo2Xonz6Pl2o3dZ30hluXps003u1T1PKk5cdxmZKIMNYlOr0BXo8fkxeInuXcWN4mDb3ogz9ayuThBHJ4mNfym3Sun9bxTjcgXfEE0LRVthVjtym686j5jHoXE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7808ba0b7f7d1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css
104.17.24.14
200 OK
15248
URL
HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css
IP
104.17.24.14:0
Magic
ASCII text, with very long lines (65317)
Hash
eaa2e9825d0aa4108e5c61a9058f5434
2c855186ced95e99325836c2af8b9cc2e823848a
65b91a9d675a0b22b90132b403e14db1fe82496a45c2a077ddecb2452e929077
GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alaskaus1a.dynamic-dns.net
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:13 GMT
content-type: text/css; charset=utf-8
content-length: 15248
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "620188b3-3b90"
last-modified: Mon, 07 Feb 2022 21:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1783792
expires: Mon, 18 Dec 2023 07:54:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o51h6PDvIauYlMr%2F0%2FwNjNI0ztHXdlnfk2DuZdjTRw5WfaMrLFUSH1MDccCWXm81ktd%2F6bdc1Pg7sZVnwYSK%2BM63jeoBIWIz7bLdkFw8bwz0LdZ%2FFYrbCIR9tPUAsosCtf8GM13%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7808ba0b88eb0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.148.64
200 OK
7151
URL
HTTP/2
cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP
104.16.148.64:0
Magic
ASCII text, with very long lines (21747)
Hash
4292e44eba0796aac4d0b7aab80daec2
8131fd92ed85c9e8378d78e2b668cd7163fdf875
0deff459ca0049e97fc03f4a80660ef7e69185057ffdcd1a462cd3bcaffb6e5b
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:13 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: QpLkTroHlqrE0LequA2uwg==
last-modified: Wed, 21 Dec 2022 07:32:46 GMT
etag: 0x8DAE3258E5CB56A
x-ms-request-id: 6bd0e487-b01e-00a1-089a-15167d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 21854
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7808ba0b8d72b4ed-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29
200 OK
279
IP
93.184.220.29:0
Hash
aaa1370e3342c33327dfd816c73e1435
8fb6511de801b02b33ba5b922ef11a841acb3e5a
f1b67598100c32a278495882d6b58f11596577e7ecab6a768554bfcca3106aff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3474
Cache-Control: max-age=134923
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 07:54:13 GMT
Etag: "63ab549e-117"
Expires: Thu, 29 Dec 2022 21:22:56 GMT
Last-Modified: Tue, 27 Dec 2022 20:25:02 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?matcher
137.184.184.135
200 OK
1713
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?matcher
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
9bed8a3055a7d97e2d28eb30fc0df992
0430ea56087da3489c26f3390fad8fecfabe9e18
144a259a5498b4d784eec2e72a9cf689203c3ce48b574c9af21b4e258cfc851c
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/alaska-common.js?matcher HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 1713
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?cache
137.184.184.135
200 OK
1713
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?cache
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
9bed8a3055a7d97e2d28eb30fc0df992
0430ea56087da3489c26f3390fad8fecfabe9e18
144a259a5498b4d784eec2e72a9cf689203c3ce48b574c9af21b4e258cfc851c
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/alaska-common.js?cache HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 1713
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery/acc-slick/slick.css
137.184.184.135
200 OK
10282
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery/acc-slick/slick.css
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
Unicode text, UTF-8 text, with CRLF line terminators
Hash
769a0502a4414f3bb603934aa889b898
b35c6585cd3a533984b722815a93e041bcbb3378
7251e3e953dddf94f980a48e24415230d30695550b508f6ff651332adcbf23da
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/js/jquery/acc-slick/slick.css HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 10282
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/current/chat/genesys_akusa.css?20220304133
137.184.184.135
200 OK
6703
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/current/chat/genesys_akusa.css?20220304133
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
a8921a2f667584a0b9077674e495c7fe
f86326198b72901cfb534a51be7901e5659c7262
30e3261801acb89e2171e959c4012066d97772287a6003a2eabf8600f385afd5
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/current/chat/genesys_akusa.css?20220304133 HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 6703
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusa-home.css
137.184.184.135
200 OK
8733
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusa-home.css
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
ASCII text, with CRLF line terminators
Hash
11e34766e053173238cb2c8bb998c90b
2e26ac2e0ae035b5ec51e35c4ded9add334208d2
97b570b1901b985a8d4d776cb47043de0320bd72754020b310eccb0464861a73
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/css/akusa-home.css HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 8733
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.sectigo.com/
172.64.155.188
200 OK
472
IP
172.64.155.188:0
Hash
b65e4c5c5b2286c6d96788e524807b5b
1091c9a6d61410c121e0f142b4d7adc18301158a
a4ff847a4f2d2f4574855d108147d28df0e34a3f4409d64499e21b7173727ba3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 28 Dec 2022 05:40:05 GMT
Expires: Wed, 04 Jan 2023 05:40:04 GMT
Etag: "1091c9a6d61410c121e0f142b4d7adc18301158a"
Cache-Control: max-age=596149,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7808ba0d9875b529-OSL
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusa-desktop.css?20220304133
137.184.184.135
200 OK
26526
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusa-desktop.css?20220304133
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
ASCII text, with very long lines (844), with CRLF line terminators
Hash
24de8c6dc6c62c60d5eff55f1dab26ab
db61e17f268b1d9dc9c8c39fc9bb0b7ca9425c09
623880727dce36ea3c3a6b65bbc9d56f29c2bfe4c134ca6a0c3d43a82c63f0dc
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/css/akusa-desktop.css?20220304133 HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:13 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 26526
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusafonts.css
137.184.184.135
200 OK
4745
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/css/akusafonts.css
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
ASCII text, with CRLF line terminators
Hash
7bca826d32f3e3f41c0df8f236402ca9
9880a8aade6efaf4d80ec22a4b0976185ee37d36
91c30fc9915df9e1e486290b11d4ea724b0473b64c02d77bbbf1d8d03b75714e
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/css/akusafonts.css HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:14 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 4745
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?async
137.184.184.135
200 OK
1713
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/alaska-common.js?async
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
9bed8a3055a7d97e2d28eb30fc0df992
0430ea56087da3489c26f3390fad8fecfabe9e18
144a259a5498b4d784eec2e72a9cf689203c3ce48b574c9af21b4e258cfc851c
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/alaska-common.js?async HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:14 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 1713
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.sca1b.amazontrust.com/
143.204.42.158
200 OK
471
URL
HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
Hash
9671cd42841ab75d9f292268909b8c75
523ea3899be44267861aec842eebc2e18c597f6e
15a92cbaad10b73d775e0668f819fa764e83a1cfb2a0b5c8fff393d5bb9a7104
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128119
Date: Wed, 28 Dec 2022 07:54:14 GMT
Etag: "63ab39d0-1d7"
Expires: Thu, 29 Dec 2022 19:29:33 GMT
Last-Modified: Tue, 27 Dec 2022 18:30:40 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p8p_8DD4Clg4ddlLEElYwYUIaGkM5eUG8xqrrJ3EuXxoui_pyod8nA==
Age: 3533
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery.accAccordion.js
137.184.184.135
200 OK
9771
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery.accAccordion.js
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
ASCII text, with CRLF line terminators
Hash
e843f4a5281f196eff6c61e3e428913d
91e2eb2e90cda1629a9bb7a08332b1afd5c20f7b
b6353d3cc84ec7a0c6bb0277719e00445fa14d2ad878fbe0cd68edfe946fae01
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/js/jquery.accAccordion.js HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:14 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 9771
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery.leanModal.AKUSA.2.1.js
137.184.184.135
200 OK
14977
URL
HTTP/1.1
alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/js/jquery.leanModal.AKUSA.2.1.js
IP
137.184.184.135:0
ASN
#14061 DIGITALOCEAN-ASN
Magic
ASCII text, with CRLF line terminators
Hash
f3c5c552762590af3bf7627387961052
577de72de0f60b0b00018c1f143c23f8887a9964
520add555ccbca7321335129b52653eab9ef85b25c1175e43de4ec2cb2a00b89
Analyzer
Verdict
Alert
urlquery
suspicious
Suspicious - DynDNS domain
NIDS
Severity
Alert
suricata
medium
ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamic-dns.net Domain
GET /1086f9d67deb905989e831367a0726a0/js/jquery.leanModal.AKUSA.2.1.js HTTP/1.1
Host: alaskaus1a.dynamic-dns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/1086f9d67deb905989e831367a0726a0/?cont=QERldmlsbWFzazA5&token=e7e08cda8ef05c2c4e4e8b50fe7c30b7c53b29ada4d44ae2c7cabda5c171ee5b1fb7e9a7a882c58adc9664c2b2a0db5a1c2a2b75e70a90a21267e70309ac55d7
Cookie: PHPSESSID=731e4b042e5b00b79afcb899515465c9
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 07:54:14 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2022 07:54:12 GMT
Accept-Ranges: bytes
Content-Length: 14977
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
devilsms.live/css/alaskausa/akusa-base.css?20220304133
199.188.200.254
404 Not Found
1238
URL
HTTP/2
devilsms.live/css/alaskausa/akusa-base.css?20220304133
IP
199.188.200.254:0
Magic
HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
GET /css/alaskausa/akusa-base.css?20220304133 HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Wed, 28 Dec 2022 07:54:14 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
apps.mypurecloud.com/widgets/9.0/cxbus.min.js
52.204.155.250
200 OK
6977
URL
HTTP/2
apps.mypurecloud.com/widgets/9.0/cxbus.min.js
IP
52.204.155.250:0
Magic
Unicode text, UTF-8 text, with very long lines (20450)
Hash
bcc2ec1ce14ec44b03e850191f1c660f
f0918f7d44679870d9abfd52a2c91f139b9a6925
c36febef70f02488e9ca5db43f9b6e510bdd75c98878fe69b519282add67f95e
GET /widgets/9.0/cxbus.min.js HTTP/1.1
Host: apps.mypurecloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alaskaus1a.dynamic-dns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:14 GMT
content-type: text/javascript
content-length: 6977
server: nginx
x-amz-id-2: B8BVnNKhlkugRKAwNvXyPu7OV8ZYLbfNC69lbElxNcosj+CuLN5AJUbf11wfIOEQ4PC/harTQTo=
x-amz-request-id: G57EJ4TNKX1S6WDB
cache-control: max-age=0, no-cache
content-encoding: gzip
last-modified: Wed, 19 Oct 2022 11:04:39 GMT
x-amz-version-id: zvxGsS5zFCx_BNFBE7YwFMviBcqvk8Ax
etag: "bcc2ec1ce14ec44b03e850191f1c660f"
strict-transport-security: max-age=15768000; includeSubDomains
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2
104.17.24.14
200 OK
126828
URL
HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:0
Magic
Web Open Font Format (Version 2), TrueType, length 126828, version 768.256
- data
Hash
297973a488f688271dd223d542ba2697
ed99d812e4c88826335f93acede3fad85c90fb54
1b099f88c06ed0869872561c157f0ec9cbe133a0939d9ece4ee1e1f54bd4683d
GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://alaskaus1a.dynamic-dns.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 07:54:14 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 126828
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "620188b3-1ef6c"
last-modified: Mon, 07 Feb 2022 21:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 9945892
expires: Mon, 18 Dec 2023 07:54:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJ3E5UWzxJ%2B85VCIuVG9X4QykT2QkEjvfrhDpOa5rVforDFvpBXGyJKihPMQ%2BGFH0Hvtn8VvlQh%2FWnROOTJhhxKz0ugIAMswnFs68kHF86j7TjPlnD89W3nh0iH6FMAbzO9zqqUU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7808ba0f7bc30b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/d9012451-973f-4944-835c-e7020071d90c/d9012451-973f-4944-835c-e7020071d90c.json
104.16.148.64
200 OK
1076