Overview

URL qtvxyjqydn.duckdns.org/step2.html
IP45.12.138.122
ASNDEDIPATH-LLC
Location United States
Report completed2022-09-27 22:36:38 UTC
StatusLoading report..
urlquery Alerts DynDNS domain detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
2022-09-27 2 qtvxyjqydn.duckdns.org/step2.html National Tax Agency JAPAN
2022-09-23 2 qtvxyjqydn.duckdns.org/ National Tax Agency JAPAN
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-27 2 qtvxyjqydn.duckdns.org/static/au_order/vcard.jpeg Phishing
2022-09-27 2 qtvxyjqydn.duckdns.org/static/js/jquery.cookie.js Phishing
2022-09-27 2 qtvxyjqydn.duckdns.org/step2.html Phishing
2022-09-27 2 qtvxyjqydn.duckdns.org/static/js/jquery-3.3.1.min.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed
2022-09-27 2 qtvxyjqydn.duckdns.org Sinkholed


Files

No files detected



Passive DNS (10)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-27 21:28:46 UTC 93.184.220.29
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-27 05:00:30 UTC 104.18.20.226
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-27 13:22:33 UTC 34.120.237.76
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-27 05:14:54 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-27 04:52:33 UTC 34.117.237.239
mnemonic passive DNS qtvxyjqydn.duckdns.org (16) 0 2022-09-22 08:45:36 UTC 2022-09-27 18:35:46 UTC 45.12.138.122 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-27 05:14:54 UTC 54.200.107.47
mnemonic passive DNS www.nta.go.jp (1) 0 2022-06-02 22:30:28 UTC 2022-09-27 19:35:53 UTC 54.230.111.22 Domain (nta.go.jp) ranked at: 320855
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-27 14:55:40 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-27 04:52:25 UTC 23.36.77.32


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.12.138.122

Date UQ / IDS / BL URL IP
2022-12-03 02:15:47 +0000
4 - 0 - 1 ttshhbiqeh.duckdns.org/ 45.12.138.122
2022-11-12 05:39:28 +0000
4 - 0 - 4 mllypjmzyj.duckdns.org/ 45.12.138.122
2022-11-12 01:36:08 +0000
4 - 0 - 4 hkiyduoxou.duckdns.org/ 45.12.138.122
2022-11-12 00:36:21 +0000
4 - 0 - 7 ghntywxonl.duckdns.org/ 45.12.138.122
2022-11-12 00:35:54 +0000
4 - 0 - 7 ewrgguogyy.duckdns.org/ 45.12.138.122

Last 5 reports on ASN: DEDIPATH-LLC

Date UQ / IDS / BL URL IP
2022-12-06 03:56:35 +0000
0 - 0 - 1 cost.financiallyfitone.com/kfreihgetfywfubcds (...) 66.150.130.192
2022-12-06 00:01:33 +0000
30 - 0 - 16 dbdcspqjnv.duckdns.org/ 45.92.8.9
2022-12-06 00:01:09 +0000
30 - 0 - 16 acpksfxesp.duckdns.org/ 185.212.68.14
2022-12-06 00:01:00 +0000
11 - 0 - 15 bteffvedge.duckdns.org/ 45.88.221.115
2022-12-05 21:52:22 +0000
0 - 0 - 12 m-ora-zzia.ru/ 23.147.229.205

Last 2 reports on domain: qtvxyjqydn.duckdns.org

Date UQ / IDS / BL URL IP
2022-09-27 22:36:38 +0000
17 - 0 - 36 qtvxyjqydn.duckdns.org/step2.html 45.12.138.122
2022-09-23 06:34:45 +0000
12 - 0 - 21 qtvxyjqydn.duckdns.org/ 45.12.138.122

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-10 10:41:22 +0000
17 - 0 - 36 xypjbbgkmx.duckdns.org/step2.html 45.12.138.122
2022-10-10 06:37:43 +0000
18 - 0 - 39 xypjbbgkmx.duckdns.org/step2.html 45.12.138.122
2022-10-07 20:16:18 +0000
17 - 0 - 33 zhkhfhaamk.duckdns.org/step2.html 212.103.61.97
2022-10-05 17:05:15 +0000
16 - 0 - 34 ihkgpjvgdy.duckdns.org/step2.html 212.103.61.97
2022-10-26 21:47:02 +0000
14 - 0 - 5 dfeovqsffa.duckdns.org/step2.html 213.59.118.101


JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 22:03:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: H0KDiLMhzJ3ljmkhtYzpa3gs4zOQV774qyqDSzH9C1-Sbtn1fARYpQ==
Age: 1969


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2525
Expires: Tue, 27 Sep 2022 23:18:33 GMT
Date: Tue, 27 Sep 2022 22:36:28 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H4hZQoUCgcI_EpOjPDOAS_smwnTDAUHOP_inczDQuvWXCzeE2kUaRQ==
age: 47535
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A9DBCEBEE369149B1525961D0BEC231A11B84902F0D248C11B5C1FD4054C4FE4"
Last-Modified: Tue, 27 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21474
Expires: Wed, 28 Sep 2022 04:34:22 GMT
Date: Tue, 27 Sep 2022 22:36:28 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /static/gs_vk/reset.css HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-374"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  CSV text\012- , ASCII text, with CRLF line terminators
Size:   884
Md5:    a77d6f26781539c015b1b1d84dac9c06
Sha1:   6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb
Sha256: e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/payment.css HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 314
last-modified: Tue, 09 Aug 2022 08:08:30 GMT
etag: "62f215fe-13a"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   314
Md5:    46ed104ebad73339bba55438b7208106
Sha1:   9ee20c10996dd6c0168b9ab59340a6b09688292e
Sha256: d6b2444c90793280c26a9f831d99757781798d302bc14852042338923647b890

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 22:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 23:08:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XjQULl4K9KbNpqauiSAlfILYjpv1hGtnxUUqddKSqcWmgEnXQpP-gA==
Age: 1542


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /static/gs_vk/logo.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-b9d"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size:   2973
Md5:    c6d404ecaa7646ff497deaad55392996
Sha1:   1c66c5caf35e3e633d1cb1e09a334362ad11f5fb
Sha256: bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/vcard.jpeg HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 32796
last-modified: Thu, 17 Mar 2022 06:44:20 GMT
etag: "6232d8c4-801c"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 485x485, components 3\012- data
Size:   32796
Md5:    9d9bea80f7bf8d900c0b172e8c3bc553
Sha1:   8ffd779d3177165fe79bfe08768f577d5466bb30
Sha256: 30ac02f2f32bd6449033baedc40fe40ed9019dcebc63b514fdb6e32dfeba0758

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/fig_cc-01.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 1741
last-modified: Wed, 20 Jul 2022 07:54:12 GMT
etag: "62d7b4a4-6cd"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 102 x 24, 8-bit colormap, non-interlaced\012- data
Size:   1741
Md5:    de11b8799850438173d4fbb88d9f8670
Sha1:   c1d52f71b8501a4aed0892ff0bdb166f47423924
Sha256: ca12241ddbe5e9e4c018782bfe45123e61348371e32f60d3a5abd2019e1197c9

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/icon_seven.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 2116
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
etag: "6232d8c0-844"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size:   2116
Md5:    2c0b47b6d78982d38a578c71eb4de310
Sha1:   9b319d1acba2751fd81b4b8c9695ad9d1462c84e
Sha256: f4c13cfc9310805af5435b0d5f04960dcae82109c7aa89389bd04d8fe5d26896

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/icon_lawson.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 1379
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
etag: "6232d8c0-563"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 98 x 33, 8-bit colormap, non-interlaced\012- data
Size:   1379
Md5:    effd82254b0545b83f298b3ba9657542
Sha1:   765f2d9f069ad0490235ce6f850dbf37426d75cf
Sha256: c1a87c4599f42a2cc86ec8e78d0f6ef3b02a1ecd41a6bff8f1d9050c9490a936

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/icon_ministop.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 1259
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
etag: "6232d8c0-4eb"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 33, 8-bit colormap, non-interlaced\012- data
Size:   1259
Md5:    4b30b024eb7e8a81c25e451193794dad
Sha1:   89a3f4f691c2f192cc16fa51f368c89916b96ddc
Sha256: c46abe457820829f581a15b2b25baa925fc78d6aa7c1989503b47859d0569b6e

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/icon_seicomart.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 3525
last-modified: Thu, 17 Mar 2022 06:44:16 GMT
etag: "6232d8c0-dc5"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 132 x 33, 8-bit/color RGB, non-interlaced\012- data
Size:   3525
Md5:    d83ece24ee999c79c8cd467b3a45c570
Sha1:   4b431c5a7c9d34581a92f6b92977441cb7546b20
Sha256: b0baf30a5d52de6372685e6c3935205b7f38433ba114332de655de078c64d8d0

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/au_order/pay-easy_logo.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 6283
last-modified: Thu, 17 Mar 2022 06:44:18 GMT
etag: "6232d8c2-188b"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 94 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size:   6283
Md5:    dc0d30d43624fd17db9d5fc0c1624433
Sha1:   0351f0a7049430bf21c18646e9ad3eb938e2dfee
Sha256: 6b316bfcffb7626a3033f21238e0b93ee714d4f614eae8a0894ad9e7faab99bd

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/gs_vk/syozai_icon.png HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
etag: "62f215d6-511"
expires: Thu, 27 Oct 2022 22:36:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1297
Md5:    d038e6e8e4472bbcf6e5dac6a23d5a0e
Sha1:   fce966980cd73b2d732e0081b7e8dc9751db160d
Sha256: 5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4083
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:36:29 GMT
Last-Modified: Tue, 27 Sep 2022 21:28:26 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jeapb5wKT9ULoCUlMvk1gA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.200.107.47
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6c14tOG6zcUfw4Fjk6XVzcEfkHY=

                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 22:36:29 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Oct 2022 20:09:35 GMT
ETag: "d073a4685bff03d6816d8cc056dcd45a1f43b188"
Last-Modified: Tue, 27 Sep 2022 20:09:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517b7ea3a160b55-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    b6931a343989a6136605a08061bc287b
Sha1:   d073a4685bff03d6816d8cc056dcd45a1f43b188
Sha256: d59b3b6bf1d0905d7d521644bfb343b9e63c5b0783effbdb6b9b0143bb17c495
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BE9798274E941801F38FA7C3FED0A00E603027020B920FD00B398BE24AF79A0"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Wed, 28 Sep 2022 04:35:51 GMT
Date: Tue, 27 Sep 2022 22:36:29 GMT
Connection: keep-alive

                                        
                                            GET /template/img/template/headerbackground.jpg HTTP/1.1 
Host: www.nta.go.jp
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.22
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 29881
server: Apache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Fri, 30 Mar 2018 05:48:34 GMT
accept-ranges: bytes
date: Tue, 27 Sep 2022 22:36:30 GMT
etag: "74b9-5689aca6dd080"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OMACC9BzdeVo0Mgi4utFWgaebSuiypNTY-P2CXqMKHmgLfj5JX530w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 980x113, components 3\012- data
Size:   29881
Md5:    e5e2087ec026ba50dceab21313cde200
Sha1:   32528b75731905a34f01e6b4cdf3937f72c4098f
Sha256: 9f7bcb50485acc2487f525f5d0d49bf0e3c239ee0150685a621b7e84d67818c7
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17893
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:36:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17893
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:36:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17893
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:36:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17893
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:36:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17893
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:36:30 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13058
x-amzn-requestid: 2ce70ac3-0451-41f4-bd82-596a92582a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EiiIAMFQLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-25deabef6235856b6d9bb19f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oGmQtgwLy_unp2_L3WP10HsyeCSgao4_37Kf6K8JeeVgz8YXbDvDWQ==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:47 GMT
age: 2983
etag: "7d8b30445dadc44a17e5a26301212fced3aaa2af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13058
Md5:    e49757d877a437a57f39d458862e8369
Sha1:   7d8b30445dadc44a17e5a26301212fced3aaa2af
Sha256: e8b481bd5fe7ce92aa614cb77c9318ef8b763e71a178126805a4c363e6f91a9b
                                        
                                            GET /static/au_order/new1.css HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
last-modified: Wed, 20 Jul 2022 08:12:56 GMT
vary: Accept-Encoding
etag: W/"62d7b908-11b7"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   8296
Md5:    49310f1f9e5d95b2a04aab2ae4a2cb24
Sha1:   300aa087166d0d205403f36dbd54550caea99048
Sha256: e627f7c1c4b83e2d81eec1d71f19628fccf64805c3402ab84ede76a59d40d867

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6721
x-amzn-requestid: ea4416a4-ffbe-4006-bb09-aa0a70763ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xTGNOoAMFXeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-6634cd372bd677227f755769;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TlEcmqE03c_aVOwGbXRCTsU5MOTiUF4C93U3zcIVqzg6NCGJJGup7A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:09:10 GMT
age: 1640
etag: "e951f6b11e473b68d2fdd95b822cef120d37b1eb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6721
Md5:    c4a66beda24621e812a929933c52025d
Sha1:   e951f6b11e473b68d2fdd95b822cef120d37b1eb
Sha256: 28efb1495fdb363cea9ccc6c38f84b2731dbd44dd4dbbe42996fa6fab74e1ce6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 6627e07e-034b-432e-ab9e-afe035fa0b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e9HgIoAMFxUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-7f34c3f6454379724a7ac413;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: J27vcANRhkMUuGwTZjXkO0EF0-UjN-MODVQRKgsc7hJI2S-UPF8Ctw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:53 GMT
age: 3337
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 3341
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11314
Md5:    ee83d08d024d127fad5918e1ffacb78b
Sha1:   8ad289a77705358ab660b6123e9d90de991b6c13
Sha256: aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 1516
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9780
Md5:    43d7c0db2af42ad4d0095324b2691f6c
Sha1:   1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
Sha256: 42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
                                        
                                            GET /static/gs_vk/public.css HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
last-modified: Tue, 09 Aug 2022 08:07:50 GMT
vary: Accept-Encoding
etag: W/"62f215d6-818"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - quad9: Sinkholed
                                        
                                            GET /static/js/jquery.cookie.js HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-c31"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /step2.html HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
last-modified: Fri, 23 Sep 2022 06:12:28 GMT
vary: Accept-Encoding
etag: W/"632d4e4c-2abb"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /static/js/jquery-3.3.1.min.js HTTP/1.1 
Host: qtvxyjqydn.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtvxyjqydn.duckdns.org/step2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.12.138.122
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 27 Sep 2022 22:36:28 GMT
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
vary: Accept-Encoding
etag: W/"6232d930-1538f"
expires: Wed, 28 Sep 2022 10:36:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: National Tax Agency JAPAN
    - fortinet: Phishing
    - quad9: Sinkholed