| hcputxzdap.duckdns.org/ | 64.15.75.85 | 301 Moved Permanently | 162 B |
IP64.15.75.85:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 17 Mar 2023 09:08:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://hcputxzdap.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash3396075e8f2d9ceae3bd11f94111fed8 98ba4ccf6b0e38a91c69b76ac1dc07313773ed1d e533d6bd6a8080facdff772bcbf359373dab2d5a6fe5eabe64f95e68a8cd23aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E533D6BD6A8080FACDFF772BCBF359373DAB2D5A6FE5EABE64F95E68A8CD23AA"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13708
Expires: Fri, 17 Mar 2023 12:57:15 GMT
Date: Fri, 17 Mar 2023 09:08:47 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1424d2734290cfd767b86da0ee0da3bc 875b1243bca41177411ac6af710d2bb96f45a0ac 70b5bb76774526a0cf131445ae2f8639085c3449812497df457f4bc78089917b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70B5BB76774526A0CF131445AE2F8639085C3449812497DF457F4BC78089917B"
Last-Modified: Wed, 15 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8286
Expires: Fri, 17 Mar 2023 11:26:53 GMT
Date: Fri, 17 Mar 2023 09:08:47 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash84db75194692d4afe13196bda6f22da8 4c1f49bc973a4917f146d93c8d598344edc021f6 a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Mar 2023 08:14:26 GMT
content-type: application/json
age: 3261
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash12cdbcb1b0785dc0423386448ac68c9c 08cff6b76fd708f0cef3c5bdb8fc72570c4536bd bb7622a85d32cbff40abd2995055e03dbac05dd841b9a84d9023a5510d89e534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB7622A85D32CBFF40ABD2995055E03DBAC05DD841B9A84D9023A5510D89E534"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17425
Expires: Fri, 17 Mar 2023 13:59:12 GMT
Date: Fri, 17 Mar 2023 09:08:47 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashb5ba6334e73496995e3e3a9ecd0eb323 ad80d3b7718c28364e8c2004fb38a13a1747e462 aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pxfhiRh0v01h+/kPQ32rW8M0TdLh1CHXp6SQnetJIng2l+oElxY8m45PN2NPjv9zwMPttaL3MYE=
x-amz-request-id: EN42E58T4QB7H68J
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Mar 2023 08:48:03 GMT
age: 1244
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash07a65870dc0c3dee501f8418c5f95ce8 5700a55ed087d6551b7abd1c165a5dd61e3ffa80 f6d6e5e4301f53c25cf254bf7b624f97d7c98211d28772ea74cedd65baea5004
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6D6E5E4301F53C25CF254BF7B624F97D7C98211D28772EA74CEDD65BAEA5004"
Last-Modified: Thu, 16 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21559
Expires: Fri, 17 Mar 2023 15:08:06 GMT
Date: Fri, 17 Mar 2023 09:08:47 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Mar 2023 08:17:21 GMT
age: 3086
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashfc4a4ceaf4ff1530bd1678221e3ab96b 25cbfa3ed3a3ffa3958b9c5d842879f8f458afd4 89c6e447413c88858dfcb92639e614ceb678f2897e4182e70dab2e445565bc18
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C6E447413C88858DFCB92639E614CEB678F2897E4182E70DAB2E445565BC18"
Last-Modified: Tue, 14 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4839
Expires: Fri, 17 Mar 2023 10:29:26 GMT
Date: Fri, 17 Mar 2023 09:08:47 GMT
Connection: keep-alive
|
|
| hcputxzdap.duckdns.org/static/gs_vk/reset.css | 64.15.75.85 | 200 OK | 884 B |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/reset.css IP64.15.75.85:0
File typeCSV text\012- , ASCII text, with CRLF line terminators Hasha77d6f26781539c015b1b1d84dac9c06 6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/reset.css HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: text/css; charset=utf-8
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/gs_vk/index.css | 64.15.75.85 | 200 OK | 748 B |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/index.css IP64.15.75.85:0
Hash91692497e479f6cc955e4de6d627a499 bb57de5c2d4dafee21f66645d776d3064f4b79bd de36d3e9e989de40ae0bf5252af018ef55fdc0ed938042bdba11147f1127e431
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/index.css HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: text/css; charset=utf-8
content-length: 748
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 52.42.13.12 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.42.13.12:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DvoQnsyy9ITavSwVR9C31g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: S28nsxcNrdTSsFXzFR2rywtKdOE=
|
|
| hcputxzdap.duckdns.org/static/gs_vk/logo.png | 64.15.75.85 | 200 OK | 3.0 kB |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/logo.png IP64.15.75.85:0
File typePNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced\012- data Hashc6d404ecaa7646ff497deaad55392996 1c66c5caf35e3e633d1cb1e09a334362ad11f5fb bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/logo.png HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: image/png
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/ | 64.15.75.85 | 200 OK | 223 kB |
IP64.15.75.85:0
Size223 kB (222623 bytes) Hash4af73e628a3c151ea79bf470884ff47f 832e2a1df3fb57a82f1da792df00b3037064bcb0 c2c478a3347e2fcdd0d7a1362843b966d271a5ba10bf2c193a0100e1b1c41196
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/gs_vk/index.png | 64.15.75.85 | 200 OK | 104 kB |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/index.png IP64.15.75.85:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x516, components 3\012- data Size104 kB (104029 bytes) Hash3b288cf2cf8b233a1f459e89dc209d79 08aa186779070d33edbca5dece75e2760dfa4065 c0315642042bbc5f62714e1bf1ee5df4fd567a38745af3c67ff09b025a56efbb
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/index.png HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: image/png
content-length: 104029
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/gs_vk/syozai_icon.png | 64.15.75.85 | 200 OK | 1.3 kB |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/syozai_icon.png IP64.15.75.85:0
File typePNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced\012- data Hashd038e6e8e4472bbcf6e5dac6a23d5a0e fce966980cd73b2d732e0081b7e8dc9751db160d 5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | phishing | Phishing - Japan's Tax Agency | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/syozai_icon.png HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: image/png
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.20.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP104.18.20.226:0
Hashe87fe1e6278855705ef7b02697817b4c c8a29c90bdd0de015994394a2e6602673f09900a 6ce2e2135b6cb2ab87527847615a330611fa9a4ec286163c9cde1c6dcd66dbb5
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 09:08:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 21 Mar 2023 06:44:49 GMT
ETag: "c8a29c90bdd0de015994394a2e6602673f09900a"
Last-Modified: Fri, 17 Mar 2023 06:44:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3560
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a9417eadfafb51e-OSL
|
|
| ocsp.globalsign.com/gsrsaovsslca2018 | 104.18.20.226 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsrsaovsslca2018 IP104.18.20.226:0
Hash7f1820a8081a4de1aff4d0c9664ee330 d6ccc9e6f9a3774ffa1d5843608cb52dfd22c37d c7ff40f0a411a061729090b06af0af4a3ac3fe96a65b189ae612e766221b21c8
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 09:08:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 21 Mar 2023 07:31:57 GMT
ETag: "d6ccc9e6f9a3774ffa1d5843608cb52dfd22c37d"
Last-Modified: Fri, 17 Mar 2023 07:31:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2029
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a9417eb9885b51e-OSL
|
|
| hcputxzdap.duckdns.org/static/js/jquery.cookie.js | 64.15.75.85 | 200 OK | 37 kB |
URL HTTP/2hcputxzdap.duckdns.org/static/js/jquery.cookie.js IP64.15.75.85:0
Hash61bd203f75de5decad07d11789099d07 e19a803957894b23543388f38d1bf39bcace46e9 11864d822290a5dd15c1f26ebe5dee62e383aa4c708926780b1530ca665673d6
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ia.51.la/go1?id=21567201&rt=1679044127846&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1679044127846&tt=&kw=&cu=https%253A%252F%252Fhcputxzdap.duckdns.org%252F&pu= | 112.90.153.37 | 200 | 0 B |
URL HTTP/1.1ia.51.la/go1?id=21567201&rt=1679044127846&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1679044127846&tt=&kw=&cu=https%253A%252F%252Fhcputxzdap.duckdns.org%252F&pu= IP112.90.153.37:0 ASN#136959 China Unicom Guangdong IP network
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21567201&rt=1679044127846&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1679044127846&tt=&kw=&cu=https%253A%252F%252Fhcputxzdap.duckdns.org%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Content-Length: 0
Date: Fri, 17 Mar 2023 09:08:40 GMT
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9515
Expires: Fri, 17 Mar 2023 11:47:24 GMT
Date: Fri, 17 Mar 2023 09:08:49 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9515
Expires: Fri, 17 Mar 2023 11:47:24 GMT
Date: Fri, 17 Mar 2023 09:08:49 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash84762efcb2e1535ae49fca6c1523df33 93e7f138a491d4276a793c2e5b947195ae69a88c 920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9515
Expires: Fri, 17 Mar 2023 11:47:24 GMT
Date: Fri, 17 Mar 2023 09:08:49 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c296bb-3841-4482-a804-5e524806dd03.webp | 34.120.237.76 | 200 OK | 8.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c296bb-3841-4482-a804-5e524806dd03.webp IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash012b5e6cd88d0497b761a245ce487f07 17478cb0258bb4336bc243eef4a18dd0100406d6 a064f711081abae13347e0883214e7b2cdbcf78404256af5f932ae5f6e8df13f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c296bb-3841-4482-a804-5e524806dd03.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8814
x-amzn-requestid: 0b64a3d4-d65b-48a2-b837-a48db73ccf71
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BwnF3HOQoAMFUfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64101ef2-073249406552fbe458b8d1a2;Sampled=0
x-amzn-remapped-date: Tue, 14 Mar 2023 07:14:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: TevJBwo0tP7-zHb5PIWiC4ao-epZmB-r8wp3I18PJPdqSjYpFcHa1Q==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:04:55 GMT
etag: "17478cb0258bb4336bc243eef4a18dd0100406d6"
content-type: image/jpeg
age: 39834
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdad4172a-505a-4014-9bcf-f13aa53b1686.webp | 34.120.237.76 | 200 OK | 8.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdad4172a-505a-4014-9bcf-f13aa53b1686.webp IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8154be92a2d44a0162f1cc673921529f d56d45d301ddd803f7d9e69dee60694cb9cbc598 1ce79bc57af6f1b848992c86f300589070ed7343f8ac9cf1911e9f53f1278dcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdad4172a-505a-4014-9bcf-f13aa53b1686.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8758
x-amzn-requestid: 7c07a43a-3a52-4bea-8ff0-f2e0247c680d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B14rgEQfIAMF2Qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64123b16-5f46de1a5896bb08271f930d;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 21:39:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: vMFWcAD7HS_GJJyrg6ysO_9CO7OFJkiGYjb1s0oN1DbcjFP8EaroYA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:50:18 GMT
age: 40711
etag: "d56d45d301ddd803f7d9e69dee60694cb9cbc598"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg | 34.120.237.76 | 200 OK | 5.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash010bbe685e612868671ed36e422a6b25 3f4f1a419f7461a8dc1486b4a62355eca70ba895 4f6109f0f60cc5997576184faff7a31a4636ed618e15b8913ca76a7e574fbf19
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119face5-3d80-4278-9d71-a22148eb61a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5877
x-amzn-requestid: 5ba83dec-248d-4f89-94cd-83a57be18bc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bmtd0ESMoAMFzYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640c2924-55ed65d90044c459274d6257;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 07:09:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: mqMjrNthVuwCeUq72ZbpLw_PEH4-QQgD-lair6zLmNDoJPCvHI52hQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 22:04:54 GMT
age: 39835
etag: "3f4f1a419f7461a8dc1486b4a62355eca70ba895"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg | 34.120.237.76 | 200 OK | 5.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash05b82ec8d7e99e9499e8b5a980008c60 280fe711e384d60749c6225ddcc7f57c48845719 305b82d6aa40f5af58100de5007ac484c73c0a49ab7c5715b8ab6e83e10270f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6272d07-0ccd-41ba-a86f-72932f0783bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5828
x-amzn-requestid: d366481c-e7c3-4cc5-b3da-c7c4b22f320a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B5KlrFegIAMFa8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64138af0-1c7c39d05a6b31ed1ddcb409;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 21:32:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: WWj5PE-SRteLqD_zUeyBBarnrGodgVs_FuEh3pqlu8NmuSXEKbtJiA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:49:59 GMT
etag: "280fe711e384d60749c6225ddcc7f57c48845719"
content-type: image/jpeg
age: 40730
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash78453ba98b72eff3879ef163b59c86ed 80519bb3726ee1f9f211344cd433cefaed3a7f2e 61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: bka10YWXvoKBRkwgvJNMzm1SSv_J1USzdugO9lPduHxe2uYFYkXh4w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e11ee4e3208082d534c251b36bbee268.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 04:25:38 GMT
age: 16991
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cd8d5e3-d79c-487a-964e-b348a2feabb3.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cd8d5e3-d79c-487a-964e-b348a2feabb3.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash2c9f30d91d75efebd3f890da5ae47fcb 0f2d1ad2635bd726774d04c50294fc5119d35853 cebfd05f766cd33f028be29d989ea6577ed2e08b88560bf5284ccd0b3a4647e8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cd8d5e3-d79c-487a-964e-b348a2feabb3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12340
x-amzn-requestid: 663215ce-612e-41e8-9eb0-ddb5cbd17025
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BmspmGTZoAMFdtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640c27d6-0eb43eb03fac40851fd32d1e;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 07:03:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LVZH3NQCNmw5l2hFeaXbS5Xbj3dZYdecJjrqEr4faktZ61imQJQ90w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1d0860167e2100a6d1cd9c0213c2b8e8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Mar 2023 21:51:41 GMT
age: 40628
etag: "0f2d1ad2635bd726774d04c50294fc5119d35853"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/favicon.ico | 64.15.75.85 | 404 Not Found | 0 B |
URL HTTP/2hcputxzdap.duckdns.org/favicon.ico IP64.15.75.85:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /favicon.ico HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167; __tins__21567201=%7B%22sid%22%3A%201679044127846%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201679045927846%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 17 Mar 2023 09:08:48 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/gs_vk/public.css | 64.15.75.85 | 200 OK | 0 B |
URL HTTP/2hcputxzdap.duckdns.org/static/gs_vk/public.css IP64.15.75.85:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/gs_vk/public.css HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/js/1.js | 64.15.75.85 | 200 OK | 0 B |
URL HTTP/2hcputxzdap.duckdns.org/static/js/1.js IP64.15.75.85:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/js/1.js HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 11 Mar 2023 08:59:53 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hcputxzdap.duckdns.org/static/hau/jquery-1.9.1.min.js | 64.15.75.85 | 200 OK | 0 B |
URL HTTP/2hcputxzdap.duckdns.org/static/hau/jquery-1.9.1.min.js IP64.15.75.85:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
GET /static/hau/jquery-1.9.1.min.js HTTP/1.1
Host: hcputxzdap.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hcputxzdap.duckdns.org/
Cookie: sessionid=6cee10fd81abd3dd4cd8768506d84167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 17 Mar 2023 09:08:47 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:45:22 GMT
expires: Sun, 16 Apr 2023 09:08:47 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|