Report - netflixs.duckdns.org/

Report Overview

Submitted URL
netflixs.duckdns.org/
IP
20.66.41.139
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-02-10 07:18:51
Access
Website Title
Final URL
Tags
netflix phishing dyndns
urlquery detections
Phishing - Netflix
Suspicious - DynDNS domain

Detections

urlquery
30
Network Intrusion Detection
18
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
netflixs.duckdns.org	unknown	2022-01-18T16:35:19Z	2023-02-10T05:18:13Z	5.3 kB	216 kB	20.66.41.139
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	69 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	544 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.83.200.106
assets.nflxext.com	3871	2015-07-22T06:02:07Z	2023-03-13T05:11:30Z	479 B	74 kB	45.57.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-10 07:19:42	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-10 07:19:42	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-10 07:19:42	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-10 07:19:42	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-10 07:19:43	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:45	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:45	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-10 07:19:46	medium	Client IP	20.66.41.139	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	netflixs.duckdns.org/net/files/js/jquery.mask.js	8.1 kB	2023-03-07	2024-04-18
Pretty URL netflixs.duckdns.org/net/files/js/jquery.mask.js IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-18 11:28:16 Times Seen355 Hash 9d8349c5ae98f1d6591ecce50e54403a 62f6a07fa6a0531ac0f6aae7988356ff28b09d73 38c89b667f0b98ab618ce6eef2947a58b9cac93e4dce667fec781562c34cd66e Loading...

	netflixs.duckdns.org/net/files/js/modernizr.min.js	3.8 kB	2023-03-07	2024-04-18
Pretty URL netflixs.duckdns.org/net/files/js/modernizr.min.js IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-18 11:28:16 Times Seen883 Hash a635a55ddb6339a3d0d01c641f670753 a6dee4a1df6c51b82ce2e67323514e7de4e165d4 a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44 Loading...

	netflixs.duckdns.org/net/files/js/jquery.js	87 kB	2023-03-07	2024-04-18
Pretty URL netflixs.duckdns.org/net/files/js/jquery.js IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-04-18 11:28:16 Times Seen12137 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	netflixs.duckdns.org/net/login.php	665 B	2023-03-07	2023-04-01
Pretty URL netflixs.duckdns.org/net/login.php IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2023-04-01 11:11:03 Times Seen56 Hash f2f81f7bd23993f7026d546e7bde377f c332eba809abc20daa0fddcac318ceeae64ab3a7 5a1b791d5aa13fe655e41161a761849ae604a1d2c4d2ad622b6d3785c1813e68 Loading...

	netflixs.duckdns.org/net/login.php	101 B	2023-03-07	2024-04-18
Pretty URL netflixs.duckdns.org/net/login.php IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:46 Last Seen2024-04-18 11:28:16 Times Seen212 Hash 374354644aaca754a721e58f06aeb655 e16bbcac015631fffe3fee7e41041ddbc8e3c527 4faa9064171cf2226162d76da9d7ef8437bce1ab506c405fd7bdd8d1c7ed5946 Loading...

	netflixs.duckdns.org/net/login.php	2.2 kB	2023-03-07	2024-02-10
Pretty URL netflixs.duckdns.org/net/login.php IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:46 Last Seen2024-02-10 18:38:14 Times Seen54 Hash 87c49a7d52914fda496f37d0c98dfa33 0a82d2cb5bbddd7782383e0b81dd20976064aab8 283addbd78bd697a061c1457ad9d219087f295813e881b701267f1a0ef0bfffe Loading...

	netflixs.duckdns.org/net/files/js/jquery.ccvalid.js	7.4 kB	2023-03-07	2024-04-18
Pretty URL netflixs.duckdns.org/net/files/js/jquery.ccvalid.js IP 20.66.41.139 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-18 11:28:16 Times Seen464 Hash 2f24b339e94eb18fdfd5cd5a60e82546 2abf52df7041eac55e0f59bf867053d4cb29891a ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10445
Expires: Fri, 10 Feb 2023 10:12:44 GMT
Date: Fri, 10 Feb 2023 07:18:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84247d80b610d0c6da587141b21323ae
46461f8709d099f5295998f41aaafa5be4387ea6
bee5e9e0d7b4a24609950ceb40194bffb482c36152d376bb119e7cc3aba488dc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEE5E9E0D7B4A24609950CEB40194BFFB482C36152D376BB119E7CC3ABA488DC"
Last-Modified: Thu, 09 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3985
Expires: Fri, 10 Feb 2023 08:25:04 GMT
Date: Fri, 10 Feb 2023 07:18:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
50a2f8cdbbd1059f5318753155bba7ef
405e63ea4683be44f876feae34b5cb645ff751f2
f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11760
Expires: Fri, 10 Feb 2023 10:34:39 GMT
Date: Fri, 10 Feb 2023 07:18:39 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 10 Feb 2023 06:36:54 GMT
content-type: application/json
age: 2506
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: RMKwvFSAA1hnj6TWrrF6RZx/Q8HouXx+GAs5/Dh9ZxKvKbOVC145QTqE0F1NlTHd58VlJyUPUnY=
x-amz-request-id: 2M29PF9BTXVND8XW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 10 Feb 2023 06:36:41 GMT
age: 2519
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 10 Feb 2023 07:18:40 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 10 Feb 2023 07:14:53 GMT
age: 227
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

netflixs.duckdns.org/

20.66.41.139

302 Found

0 B

URL HTTP/1.1
netflixs.duckdns.org/
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
location: net/
content-type: text/html; charset=UTF-8
content-length: 0
date: Fri, 10 Feb 2023 07:18:40 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10016
Expires: Fri, 10 Feb 2023 10:05:36 GMT
Date: Fri, 10 Feb 2023 07:18:40 GMT
Connection: keep-alive

push.services.mozilla.com/

35.83.200.106

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.83.200.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4VbA1zQj+G2pvv99dA4RwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zddPJhAXl9TkJz3h9vNLo3ZJCLc=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6976
Expires: Fri, 10 Feb 2023 09:14:58 GMT
Date: Fri, 10 Feb 2023 07:18:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6976
Expires: Fri, 10 Feb 2023 09:14:58 GMT
Date: Fri, 10 Feb 2023 07:18:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6976
Expires: Fri, 10 Feb 2023 09:14:58 GMT
Date: Fri, 10 Feb 2023 07:18:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6976
Expires: Fri, 10 Feb 2023 09:14:58 GMT
Date: Fri, 10 Feb 2023 07:18:42 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9c46333-931f-4627-b47e-fe0c43cde8fc.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9c46333-931f-4627-b47e-fe0c43cde8fc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9958 bytes)
Hash
8f3336ac4423b02c36ede62d379f50e2
e38590afab0ca061844ab6a4db4e781b78a858ac
12fefbc2ecbb0a590c82fed3bda96949fca0546dfbaf6811098217f27a78b4de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9c46333-931f-4627-b47e-fe0c43cde8fc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9958
x-amzn-requestid: 99cb33dc-77ef-4028-b6dd-4bc37af526e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AF0VoFjWoAMFv-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e56756-1438b9724a8b940e20e45bd1;Sampled=0
x-amzn-remapped-date: Thu, 09 Feb 2023 21:36:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1NMQpC3EBhshyyg-8DOui20PF8_GmE33pPEXbqidir9QUwTPtOfvWQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 21:43:53 GMT
etag: "e38590afab0ca061844ab6a4db4e781b78a858ac"
content-type: image/jpeg
age: 34489
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5709d9c0-ad9a-4ad2-a513-238ddbd715c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5739 bytes)
Hash
699375010f95c72afcd52eb0aee10a96
f5d98fd3ccea9c5c66bd4e0921c946bbc6256985
2fa5fee4559d62a614efa72585f7c90636a40d03e605d0e46bf5ba5a1b729b91

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5709d9c0-ad9a-4ad2-a513-238ddbd715c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5739
x-amzn-requestid: a7d3deb1-d9e1-44bc-9acb-4a5d72f5c3c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AGHwXEnZIAMFSPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e58668-215e18d01a1e368b61ae1650;Sampled=0
x-amzn-remapped-date: Thu, 09 Feb 2023 23:48:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uUrtzv8hpVcBu3nlWz8CNFNrqUOgEeurIq9LZIJ9hkFLlZbTQufYqA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Feb 2023 00:09:54 GMT
age: 25728
etag: "f5d98fd3ccea9c5c66bd4e0921c946bbc6256985"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5163068-995f-4605-87b9-fe1d8af68f7c.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12273 bytes)
Hash
d9addca8f99eeeca4a7b2152f7719ca0
7c78e7f5bb27d7842883a606f8e48368d6db3ba6
6d3d60faf08733651971d8843b668e874cf600c370d91512d5720a69c52ee387

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5163068-995f-4605-87b9-fe1d8af68f7c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12273
x-amzn-requestid: 73a2f4cf-3d26-4b63-bbf4-4d4af96a803d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AGJ0yFZ2oAMFkfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e589b7-17f0e6e57cb00aee2222a54c;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 00:03:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Yp0_kOy29Vnea6IL17CzmMnT40730IezAZ7c_kHviIfmZVriDGvWTA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Feb 2023 00:12:42 GMT
age: 25560
etag: "7c78e7f5bb27d7842883a606f8e48368d6db3ba6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a040a3-538c-45f4-9381-c39c90c63b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4443 bytes)
Hash
8be470b3463a83c73c9141fb3ab64419
da86339c3339c8c9525a1053cfc47b9dade263fc
2ea2fe37738a6bcfdf0788541d710bb98435a264cfff313492acde086a2ad90c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a040a3-538c-45f4-9381-c39c90c63b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4443
x-amzn-requestid: 9343cb67-a21c-4654-a870-37d0db76627e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AGC5ZEqeoAMF-NQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e57ea2-7edfd55a11b8a68f5a45e0ac;Sampled=0
x-amzn-remapped-date: Thu, 09 Feb 2023 23:15:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BZ1tWxTZW7TlHXdE3ndTgjyrUwim8IRhI0fL7dkSv1xokmN9WS-MsA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 23:38:26 GMT
age: 27616
etag: "da86339c3339c8c9525a1053cfc47b9dade263fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aac4f0-56b4-412e-af1b-0942f7a1096d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5797 bytes)
Hash
76c5dea6fdc820a061d97514b85d1988
caab6550512abe609a9f40410d419d8b4267439b
b2ffb311e91e9fe959eca7ce6f0134e2c53f0c9214d998e9822569ac3d1f8571

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aac4f0-56b4-412e-af1b-0942f7a1096d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5797
x-amzn-requestid: a8d57a2b-9ca5-4056-808a-3970f71f2b1e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AF0pyGCWoAMFhTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e567d7-1c6ae6f45262b88a374b4283;Sampled=0
x-amzn-remapped-date: Thu, 09 Feb 2023 21:38:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BR4mKpEOPvQ5mykuTKMIani168IEQu9wCiPsMnipRgCoiy-QKJM5tA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 21:43:53 GMT
etag: "caab6550512abe609a9f40410d419d8b4267439b"
content-type: image/jpeg
age: 34489
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: bad93208-b191-428a-8475-a4352e09ba16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AGrb8FtjIAMFvnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5bf7f-26db07fd02ba24765a1cb539;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 03:52:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: k1Ee2PY1W2cdQrheG9fJCgfk0v06QxOE9-bMU9YSc3EC9Z-oLehvHQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Feb 2023 06:02:36 GMT
age: 4566
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

netflixs.duckdns.org/net/

20.66.41.139

302 Found

0 B

URL HTTP/1.1
netflixs.duckdns.org/net/
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/ HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Fri, 10 Feb 2023 07:18:42 GMT
server: LiteSpeed

netflixs.duckdns.org/net/login.php

20.66.41.139

200 OK

2.5 kB

URL HTTP/1.1
netflixs.duckdns.org/net/login.php
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.5 kB (2513 bytes)
Hash
80e04d69429c9c2f70e5d530f3f63d8e
7e1460065f131852fcbb970c53a5e342169a0845
6ee2dd0131ec472fca9fc62507f9ab94bef10778b890f3375c54c116c3909b2b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/login.php HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 10 Feb 2023 07:18:42 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/js/modernizr.min.js

20.66.41.139

200 OK

1.8 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/js/modernizr.min.js
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (3807), with no line terminators
Size
1.8 kB (1780 bytes)
Hash
f9c1c57b471ce4db26c54675a4ca6b36
4b19f32dca5359bd993bba78c40b60f38dc76269
ec4ac31368fc3fb320f8ef9b63e66ac3d637eb406e9a058ec153c4f3622c9369

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/js/modernizr.min.js HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: application/javascript
last-modified: Mon, 21 Dec 2020 23:10:10 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1780
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/css/none.css

20.66.41.139

200 OK

21 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/css/none.css
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
21 kB (21361 bytes)
Hash
c0e97d8d0589a823b827a85e207b7c05
de86f3e72fbca3b06db0a89e50e4cef3b3cfaa55
06b94f6dac9c1429056a5d98aed9821feb8e045145d3b8b5704147e45b8aebe3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/css/none.css HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: text/css
last-modified: Mon, 21 Dec 2020 23:11:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 21361
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/css/none2.css

20.66.41.139

200 OK

25 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/css/none2.css
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
25 kB (24788 bytes)
Hash
9303ddd116f9c7e14b02a0dd1a740ad9
879c1ff7dd689045c52a44483a21692adec62e66
074a9ee5c3fda83dea45e5c8bdbbfc7f63fff0e6f915b2565dc5c2a1f866e61f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/css/none2.css HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: text/css
last-modified: Sun, 15 Nov 2020 16:42:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 24788
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/js/jquery.ccvalid.js

20.66.41.139

200 OK

1.9 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/js/jquery.ccvalid.js
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
1.9 kB (1917 bytes)
Hash
bb7c1daed31523e12e43305fc8ae798a
903a57bf89f66b5ab208595d7e3ad6724efc34cb
604cbbd58dae5fe0b3d5a2f76fe4ce951f144ed621ad918253d72b8b22854e86

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/js/jquery.ccvalid.js HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: application/javascript
last-modified: Sat, 05 May 2018 21:05:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1917
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/js/jquery.mask.js

20.66.41.139

200 OK

3.4 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/js/jquery.mask.js
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (537)
Size
3.4 kB (3355 bytes)
Hash
8ce522a92b039717ae44f6faa75656d5
015dc3808c3516b6ae2a2dc6b9de648fdd6998aa
a1b087df935b23009d577f5cbc4e280f9486cee20e5bcc2f5101d2b29fe6de14

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/js/jquery.mask.js HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: application/javascript
last-modified: Sat, 05 May 2018 21:07:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3355
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/js/jquery.js

20.66.41.139

200 OK

30 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/js/jquery.js
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30293 bytes)
Hash
b43a7e46d5c8dc9890df2f2fb29ce1af
895cacfd7e42cd57536ce668a6520856f47d819a
fb1296a94d1e1a42d041ebebd966210883d83fde6dff777ca976224fa5404dec

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/js/jquery.js HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: application/javascript
last-modified: Sat, 05 May 2018 21:07:04 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30293
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
21df8472edb9676fffad901691fa073e
8b93ae588def1022ef8448b606f08000cf418f84
9e37815542ed7a3e7d1f2c6a0eb97622d43fee79a39167c193d8a21ff6f0321e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5183
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 10 Feb 2023 07:18:43 GMT
Last-Modified: Fri, 10 Feb 2023 05:52:20 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278

assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff

45.57.90.1

200 OK

74 kB

URL HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
IP
45.57.90.1:0
ASN
#40027 NETFLIX-ASN

File type
Web Open Font Format, CFF, length 73572, version 0.0\012- data
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

HTTP Headers

GET /ffe/siteui/fonts/nf-icon-v1-93.woff HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://netflixs.duckdns.org
Connection: keep-alive
Referer: http://netflixs.duckdns.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 Feb 2023 07:18:43 GMT
Content-Type: font/woff
Content-Length: 73572
Connection: keep-alive
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Cache-Control: max-age=604801
Expires: Fri, 17 Feb 2023 07:18:44 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

netflixs.duckdns.org/net/files/img/fb.png

20.66.41.139

200 OK

1.5 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/img/fb.png
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1455 bytes)
Hash
a33ca47ef110b6e3ec5086b8776407d3
dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/img/fb.png HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: image/png
last-modified: Sat, 15 Sep 2018 18:57:46 GMT
accept-ranges: bytes
content-length: 1455
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/img/logo.svg

20.66.41.139

200 OK

512 B

URL HTTP/1.1
netflixs.duckdns.org/net/files/img/logo.svg
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (793), with CRLF line terminators
Size
512 B (512 bytes)
Hash
2213a58f29bb07b3d4876a8752cf8e5f
8441b2c0880af92a25c759269e9351d8c715b217
aa9fd50f44dd924bdc32bcca2cee677f0dc13a46ff3ed993429a3b084ae84762

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/img/logo.svg HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: image/svg+xml
last-modified: Sat, 15 Sep 2018 19:52:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 512
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/img/favicon.png

20.66.41.139

200 OK

1.8 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/img/favicon.png
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/img/favicon.png HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:44 GMT
content-type: image/png
last-modified: Mon, 17 Sep 2018 18:48:30 GMT
accept-ranges: bytes
content-length: 1755
date: Fri, 10 Feb 2023 07:18:44 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/img/favicon.ico

20.66.41.139

200 OK

1.6 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/img/favicon.ico
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
1.6 kB (1565 bytes)
Hash
f3072f3502899d486f69e37d63e9e4ef
b1bc7ffda52ae61e2d28eb53b58195d47898f94e
2b4c53357c8d7bb535a163795cc78d15576c68a44250be834b31ad25f6195530

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/img/favicon.ico HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:44 GMT
content-type: image/x-icon
last-modified: Mon, 17 Sep 2018 18:48:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1565
date: Fri, 10 Feb 2023 07:18:44 GMT
server: LiteSpeed

netflixs.duckdns.org/net/files/img/bg.jpg

20.66.41.139

200 OK

120 kB

URL HTTP/1.1
netflixs.duckdns.org/net/files/img/bg.jpg
IP
20.66.41.139:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3\012- data
Size
120 kB (120105 bytes)
Hash
5f6f14c7e213792c78d8fc08ced0840c
9700da5cdd4b261c657540b4d4d49c90cd57cdac
cde4074549e72df2b148594b13728b01118887d02d99e5e7d67c5d1e54cc6669

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /net/files/img/bg.jpg HTTP/1.1
Host: netflixs.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflixs.duckdns.org/net/login.php
Cookie: PHPSESSID=305dfee6eb2e20f229489f2fd0c6bb45

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 17 Feb 2023 07:18:43 GMT
content-type: image/jpeg
last-modified: Sat, 15 Sep 2018 18:57:46 GMT
accept-ranges: bytes
content-length: 120105
date: Fri, 10 Feb 2023 07:18:43 GMT
server: LiteSpeed

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F579fdb7a-cb0f-4414-9a46-1024cb873652.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9978 bytes)
Hash
fb163702d607e91e1d8162ac0c64eec5
1ad7e85df06f650c95d9708e894f10b62ff73cde
238b1ebe71a2824df90dbaeec7968cd91697c78853b17b4479b478aebfcb6f25

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F579fdb7a-cb0f-4414-9a46-1024cb873652.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9978
x-amzn-requestid: 02b5965c-3065-4132-9440-f400cd17cb5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AF0W_G1KIAMF_sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5675f-63451fc214af2a097df68d24;Sampled=0
x-amzn-remapped-date: Thu, 09 Feb 2023 21:36:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EY9vtqsu3YPMaEsTgZ3AXZOlgXlPyZIRSzeTjHm04W7ZX6xKuPef5A==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 21:38:31 GMT
age: 34817
etag: "1ad7e85df06f650c95d9708e894f10b62ff73cde"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type