Report - bireyselcuzdansorgulamasayfasionline.line.pm/

Report Overview

Visited public
2023-12-07 18:20:41
Tags
dyndns
Submit Tags
URL
bireyselcuzdansorgulamasayfasionline.line.pm/
Finishing URL
bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
IP / ASN
190.14.39.141
#52469 Offshore Racks S.A
Title
Account Suspended
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bireyselcuzdansorgulamasayfasionline.line.pm	unknown	unknown	No data	No data	1.8 kB	17 kB	190.14.39.141
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-07 05:12:49	885 B	48 kB	172.64.141.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-07 18:20:30	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:30	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:30	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:30	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:31	medium	Client IP	190.14.39.141	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
2023-12-07 18:20:31	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:31	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:31	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:31	medium	Client IP	190.14.39.141	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
2023-12-07 18:20:32	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:32	medium	Client IP	190.14.39.141	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
2023-12-07 18:20:32	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-12-07 18:20:33	medium	Client IP	190.14.39.141	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-07	medium	line.pm	Sinkholed
2023-12-07	medium	line.pm	Sinkholed
2023-12-07	medium	line.pm	Sinkholed
2023-12-07	medium	line.pm	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

GET bireyselcuzdansorgulamasayfasionline.line.pm/

190.14.39.141

261 B

URL User Request GET
bireyselcuzdansorgulamasayfasionline.line.pm/
IP
190.14.39.141:0
ASN
#52469 Offshore Racks S.A

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
261 B (261 bytes)
Hash
f076b851d26fd5c8423229c9cee0b5f4
5f7977d3921fa1e40ea6c03ac03b25bfb0d7ed4a
c826d7cf7f4e3fb2c094fcd895fc18cbe77f2d78fe6ee24f9e44701d5313ca75

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain

HTTP Headers

GET / HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 07 Dec 2023 18:20:24 GMT
Server: Apache
Location: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Content-Length: 261
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

190.14.39.141

200 OK

7.8 kB

URL GET HTTP/1.1
bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
IP
190.14.39.141:80
ASN
#52469 Offshore Racks S.A

Requested by
http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070), with CRLF, LF line terminators
Size
7.8 kB (7819 bytes)
Hash
d187b68b18750128e264a16ffe10859f
aecc1b3dcd96db40609a5cc429449b528959c29f
09e3f3b63ee30ef3e0d159056d30c094f3a40ae2ff2ec27ac9c8d2d061bc4663

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET use.fontawesome.com/releases/v5.0.6/css/all.css

172.64.141.13

200 OK

7.6 kB

URL GET HTTP/1.1
use.fontawesome.com/releases/v5.0.6/css/all.css
IP
172.64.141.13:80
ASN
#13335 CLOUDFLARENET

Requested by
http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

File type
ASCII text, with very long lines (34556)
Size
7.6 kB (7640 bytes)
Hash
42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce

HTTP Headers

GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31556926
ETag: W/"42eaa52604673b64d6b356c2fd7f87e3"
Last-Modified: Fri, 22 Sep 2023 01:44:11 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2206829
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPHIFqL4SFklgZSKqN4%2F7q6c2YxZ8RcCb1Vlu%2BHnP6XfbpY956%2BzAaf6CesmMBAvHYE5jNDv3LHG0LkuCHCF2idOUdtil2zk1%2BLP19ZogRPHu384qYHH2%2F%2BQ1mMRxQNmyTjQRi1V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 831ec8539ac963e5-LHR
alt-svc: h2=":443"; ma=60

GET use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2

172.64.141.13

200 OK

39 kB

URL GET HTTP/1.1
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP
172.64.141.13:80
ASN
#13335 CLOUDFLARENET

Requested by
http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

File type
Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Size
39 kB (38784 bytes)
Hash
f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56

HTTP Headers

GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://bireyselcuzdansorgulamasayfasionline.line.pm
DNT: 1
Connection: keep-alive
Referer: http://use.fontawesome.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Content-Type: application/font-woff2
Content-Length: 38784
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=31556926
ETag: "f9b85c9463af7103b9b24bbbf09a06ed"
Last-Modified: Fri, 22 Sep 2023 01:44:10 GMT
Vary: Origin, Accept-Encoding
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXb9V7WYvjN6vg0OAvzYgAjFUDDr9N7h1HCwuTlBokWSrokPLQCCJ8WBycdrOO8Sy02YJPYsLuELetBJGFs96qIRo5V7R05XyM0Aa9%2B5TKLUABMR3UKIPs%2FdOHrfkGuwW5de94xG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 831ec8543a207749-LHR
alt-svc: h2=":443"; ma=60

GET bireyselcuzdansorgulamasayfasionline.line.pm/favicon.ico

190.14.39.141

302 Found

261 B

URL GET HTTP/1.1
bireyselcuzdansorgulamasayfasionline.line.pm/favicon.ico
IP
190.14.39.141:80
ASN
#52469 Offshore Racks S.A

Requested by
http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
261 B (261 bytes)
Hash
f076b851d26fd5c8423229c9cee0b5f4
5f7977d3921fa1e40ea6c03ac03b25bfb0d7ed4a
c826d7cf7f4e3fb2c094fcd895fc18cbe77f2d78fe6ee24f9e44701d5313ca75

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 07 Dec 2023 18:20:26 GMT
Server: Apache
Location: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Content-Length: 261
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

190.14.39.141

200 OK

7.8 kB

URL GET HTTP/1.1
bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
IP
190.14.39.141:80
ASN
#52469 Offshore Racks S.A

Requested by
http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070), with CRLF, LF line terminators
Size
7.8 kB (7819 bytes)
Hash
d187b68b18750128e264a16ffe10859f
aecc1b3dcd96db40609a5cc429449b528959c29f
09e3f3b63ee30ef3e0d159056d30c094f3a40ae2ff2ec27ac9c8d2d061bc4663

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:26 GMT
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers