Report - warden.magicloud.chickenkiller.com/

Report Overview

Submitted URL
warden.magicloud.chickenkiller.com/
IP
79.116.39.104
ASN
#57269 Digi Spain Telecom S.l.u.
Submitted
2024-04-18 11:37:52
Access
public
Website Title
Vaultwarden Web
Final URL
warden.magicloud.chickenkiller.com/#/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
warden.magicloud.chickenkiller.com	unknown	2000-12-26	2024-02-20	2024-03-22	7.1 kB	6.1 MB	79.116.39.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed
2024-04-18	medium	chickenkiller.com	Sinkholed

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	warden.magicloud.chickenkiller.com/theme_head.1df11f603fda400762b7.js	471 B	2023-09-15	2024-04-18
Pretty URL warden.magicloud.chickenkiller.com/theme_head.1df11f603fda400762b7.js IP 79.116.39.104 ASN #57269 Digi Spain Telecom S.l.u. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-15 13:33:54 Last Seen2024-04-18 13:37:59 Times Seen17 Hash 50c02289f2c4dbf46f8a99821dfad427 a4c19fa33f9c330c202687439b30716bc600c695 13fdf26631accf8bf4e263dd2ccf1563731288ee37122fffefd77bef8c1248f2 Loading...

	warden.magicloud.chickenkiller.com/app/polyfills.553f1c6e04a4256f1a4c.js	219 kB	2024-04-18	2024-04-18
Pretty URL warden.magicloud.chickenkiller.com/app/polyfills.553f1c6e04a4256f1a4c.js IP 79.116.39.104 ASN #57269 Digi Spain Telecom S.l.u. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:37:58 Last Seen2024-04-18 13:37:59 Times Seen2 Hash 901add848f8da6a4a3035cac9c0f75ff 3c90adeb834780d1b0802be8127c70fa24f98e85 8092e0969eed04939c5a6ea64e99a92b57e1d7860be20e3e501fc8b2fc153a54 Loading...

	warden.magicloud.chickenkiller.com/app/vendor.58a71e94f36c45876e9f.js	2.5 MB	2024-04-18	2024-04-18
Pretty URL warden.magicloud.chickenkiller.com/app/vendor.58a71e94f36c45876e9f.js IP 79.116.39.104 ASN #57269 Digi Spain Telecom S.l.u. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:37:59 Last Seen2024-04-18 13:37:59 Times Seen2 Hash d7e09fb9de9693af0c29596fec10121f c3ff6471713e9a49ca8d8069310e8a941d794ad4 4cf871bd7d0fb3901647bb92e97b779ff6a16df326a693a90c7ee111c0cdca45 Loading...

	warden.magicloud.chickenkiller.com/app/main.a8f027a034b348c3f19d.js	2.4 MB	2024-04-18	2024-04-18
Pretty URL warden.magicloud.chickenkiller.com/app/main.a8f027a034b348c3f19d.js IP 79.116.39.104 ASN #57269 Digi Spain Telecom S.l.u. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:37:59 Last Seen2024-04-18 13:37:59 Times Seen1 Hash e4ca1aeff3a4b25e66e2f12602a2498e cf2d172adbd2b6742910c9bca31e67e77943c64b d749dc5873f7fceff927158b4e1b42b667e4d9b02fff8ee9aec0f43ebdf9d1a7 Loading...

HTTP Transactions (14)

URL IP Response Size

warden.magicloud.chickenkiller.com/theme_head.1df11f603fda400762b7.js

79.116.39.104

200 OK

471 B

URL GET HTTP/2
warden.magicloud.chickenkiller.com/theme_head.1df11f603fda400762b7.js
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
ASCII text, with very long lines (411)
Size
471 B (471 bytes)
Hash
50c02289f2c4dbf46f8a99821dfad427
a4c19fa33f9c330c202687439b30716bc600c695
13fdf26631accf8bf4e263dd2ccf1563731288ee37122fffefd77bef8c1248f2

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /theme_head.1df11f603fda400762b7.js HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/javascript
content-length: 471
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/

79.116.39.104

200 OK

267 kB

URL User Request GET HTTP/2
warden.magicloud.chickenkiller.com/
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
gzip compressed data, max speed, from Unix
Size
267 kB (266933 bytes)
Hash
28fd7e0b00da2cf0f01a589e98079bc3
41d960e20234fe71be49807d71ae6e735f77f40c
3403b3c882798147b6dca73e385430659af6d9a0d32de18a2daaf911d4607080

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=600
expires: Thu, 18 Apr 2024 11:47:25 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
x-served-by: warden.magicloud.chickenkiller.com
content-encoding: gzip
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/app/polyfills.553f1c6e04a4256f1a4c.js

79.116.39.104

200 OK

219 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/app/polyfills.553f1c6e04a4256f1a4c.js
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
JavaScript source, ASCII text, with very long lines (65448)
Size
219 kB (219367 bytes)
Hash
901add848f8da6a4a3035cac9c0f75ff
3c90adeb834780d1b0802be8127c70fa24f98e85
8092e0969eed04939c5a6ea64e99a92b57e1d7860be20e3e501fc8b2fc153a54

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /app/polyfills.553f1c6e04a4256f1a4c.js HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/javascript
content-length: 219367
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/app/main.a8f027a034b348c3f19d.js

79.116.39.104

200 OK

2.4 MB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/app/main.a8f027a034b348c3f19d.js
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65482), with no line terminators
Size
2.4 MB (2357039 bytes)
Hash
0708635547b6769357d0d949533cb65a
169ac6c39f49fa4acbb4e95c19cb98ad417e867d
544c566f28900f73b1306a88d2a3863ec6205416f8d40a93bd3d15315dc9fab8

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /app/main.a8f027a034b348c3f19d.js HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/javascript
content-length: 2357039
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/images/logo-dark@2x.png

79.116.39.104

200 OK

5.5 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/images/logo-dark@2x.png
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
PNG image data, 568 x 86, 8-bit gray+alpha, non-interlaced
Size
5.5 kB (5473 bytes)
Hash
25f2f12f4b5ef1e1bd4c547c980a0262
25f629dd740e09b3d4b7276f00882778cb6c0a00
d4764bb46ea2dd7222343194e6bf3633d42900e01a2eca6be482c800e34dc841

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /images/logo-dark@2x.png HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: image/png
content-length: 5473
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/fonts/Open_Sans-normal-400.8465030b62273715c99d.woff

79.116.39.104

200 OK

55 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/fonts/Open_Sans-normal-400.8465030b62273715c99d.woff
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
Web Open Font Format, TrueType, length 55324, version 1.1
Size
55 kB (55324 bytes)
Hash
89ba4e29dc7a63cd15959a5bb068bb0e
250debbaee6e7dc0c79f2bf23d8c84512f03bc10
3adc584fb0bef1fbf9b1c0ecddde5727643b4334c734db78b517ab112d92e1d8

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /fonts/Open_Sans-normal-400.8465030b62273715c99d.woff HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: application/font-woff
content-length: 55324
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
access-control-allow-origin: https://warden.magicloud.chickenkiller.com
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/app/vendor.58a71e94f36c45876e9f.js

79.116.39.104

200 OK

2.5 MB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/app/vendor.58a71e94f36c45876e9f.js
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
2.5 MB (2518196 bytes)
Hash
d7e09fb9de9693af0c29596fec10121f
c3ff6471713e9a49ca8d8069310e8a941d794ad4
4cf871bd7d0fb3901647bb92e97b779ff6a16df326a693a90c7ee111c0cdca45

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /app/vendor.58a71e94f36c45876e9f.js HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/javascript
content-length: 2518196
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/fonts/bwi-font.f7a43f81d823e54532d4.ttf

79.116.39.104

200 OK

76 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/fonts/bwi-font.f7a43f81d823e54532d4.ttf
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 18 names, Macintosh
Size
76 kB (76108 bytes)
Hash
1640bff11bb33eb47ea5ab888fbfc08b
e1713c4a87e9b90a94d6f545bbb496c3f1a6b710
3b2a9b0382332e17360e157605cb0c115bb82a4f6e82265d610d41a6dc103621

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /fonts/bwi-font.f7a43f81d823e54532d4.ttf HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: application/font-sfnt
content-length: 76108
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
access-control-allow-origin: https://warden.magicloud.chickenkiller.com
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/images/favicon-16x16.png

79.116.39.104

200 OK

372 B

URL GET HTTP/2
warden.magicloud.chickenkiller.com/images/favicon-16x16.png
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
Size
372 B (372 bytes)
Hash
86157069c9574d4c75b907e614d6a521
3d4edb81208167ac7fb39c7feb0c135c62d87ec6
6c1dd15f4339af9abcc4c267cadb5dee44a79ed1f9aabf6483d611a433bc7b34

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /images/favicon-16x16.png HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:27 GMT
content-type: image/png
content-length: 372
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46353
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/images/apple-touch-icon.png

79.116.39.104

200 OK

3.3 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/images/apple-touch-icon.png
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
PNG image data, 180 x 180, 8-bit grayscale, non-interlaced
Size
3.3 kB (3250 bytes)
Hash
d61802f3458c13d14a6ec5e4c4b3cf11
dd1bd35d6e604858acc8b85726a111fd68343e59
5fab9252ef66809000b78c285965b1f6607881344cefbb394906373daed3ed7d

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /images/apple-touch-icon.png HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:27 GMT
content-type: image/png
content-length: 3250
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46353
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/locales/en/messages.json?cache=mw0sn

79.116.39.104

200 OK

225 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/locales/en/messages.json?cache=mw0sn
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
JSON text data
Size
225 kB (225316 bytes)
Hash
73caea46d9db9782aa125bb53b031685
16b368f88ca1c375bc926412f92720c9f8582274
796f5158c4e0de34da2fc93545fe613518c96703577f3de6a017c37c126c881b

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /locales/en/messages.json?cache=mw0sn HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:28 GMT
content-type: application/json
content-length: 225316
cache-control: public, immutable, max-age=604800
expires: Thu, 25 Apr 2024 11:37:28 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/api/config

79.116.39.104

200 OK

485 B

URL GET HTTP/2
warden.magicloud.chickenkiller.com/api/config
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
JSON text data
Size
485 B (485 bytes)
Hash
c193190c0db3f19d9da33110f8579c40
2aaac4fac583488e62a19841988a40ad09d1271e
a620d7c4378391ced8bb88f334ff5a4fa941cfe2540d05cf5b6091d0ec66e989

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /api/config HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
device-type: 10
Cache-Control: no-store, no-cache
Pragma: no-cache
Bitwarden-Client-Name: web
Bitwarden-Client-Version: 2024.1.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:28 GMT
content-type: application/json
content-length: 485
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: no-cache, no-store, max-age=0
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/fonts/Open_Sans-normal-600.7f2861051b34a8ecd9f2.woff

79.116.39.104

200 OK

58 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/fonts/Open_Sans-normal-600.7f2861051b34a8ecd9f2.woff
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type
Web Open Font Format, TrueType, length 57744, version 1.1
Size
58 kB (57744 bytes)
Hash
c50809a11130f2e8794cde9ac7c85c48
d220da78b436a30b9efa93b6d891bcf13c41fe5f
9448f7c3bd336008d83d3e4730ac005be651a3a39ade1d36ebb29b5be9201235

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /fonts/Open_Sans-normal-600.7f2861051b34a8ecd9f2.woff HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:28 GMT
content-type: application/font-woff
content-length: 57744
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
access-control-allow-origin: https://warden.magicloud.chickenkiller.com
cache-control: max-age=46352
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css

79.116.39.104

200 OK

266 kB

URL GET HTTP/2
warden.magicloud.chickenkiller.com/app/main.bfda25c788b32075b928.css
IP
79.116.39.104:443
ASN
#57269 Digi Spain Telecom S.l.u.

Requested by
https://warden.magicloud.chickenkiller.com/
Certificate
IssuerLet's Encrypt
Subjectwarden.magicloud.chickenkiller.com
FingerprintE7:27:59:B3:76:1A:B3:0F:9C:8C:52:70:B3:AD:B5:7F:C3:2F:1C:7B
ValidityTue, 20 Feb 2024 21:03:27 GMT - Mon, 20 May 2024 21:03:26 GMT

File type

Size
266 kB (266321 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

HTTP Headers

GET /app/main.bfda25c788b32075b928.css HTTP/1.1
Host: warden.magicloud.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://warden.magicloud.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Thu, 18 Apr 2024 11:37:25 GMT
content-type: text/css; charset=utf-8
content-length: 266321
expires: Fri, 19 Apr 2024 00:30:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-xss-protection: 0
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
cache-control: max-age=46355
x-served-by: warden.magicloud.chickenkiller.com
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type