Report - manage-clientidenti.duckdns.org/newleeg.php

Report Overview

Visited public
2023-09-24 17:57:07
Tags
dyndns
URL
manage-clientidenti.duckdns.org/newleeg.php
Finishing URL
manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
IP / ASN
45.82.120.91
#44486 SYNLINQ
Title
Inloggen
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-09-23 18:30:44	457 B	15 kB	152.199.19.160
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-09-23 18:48:38	475 B	25 kB	104.18.10.207
manage-clientidenti.duckdns.org	unknown	2013-04-12	2023-09-24 19:31:25	2023-09-24 19:31:25	11 kB	29 kB	45.82.120.91
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-09-23 20:51:25	1.8 kB	40 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-24 17:56:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:51	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:51	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:51	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:51	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:51	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:51	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:52	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:52	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:53	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:53	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:54	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:54	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:55	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:55	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:56	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:56	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:57	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:57	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:58	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:58	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:56:59	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:56:59	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:57:00	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:57:00	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:57:01	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:57:01	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:57:02	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:57:02	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:57:03	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:57:03	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 17:57:04	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 17:57:04	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed
2023-09-24	medium	manage-clientidenti.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	manage-clientidenti.duckdns.org/script.js	ScriptElement	20 kB	2023-03-14	2024-08-21
Pretty URL manage-clientidenti.duckdns.org/script.js IP 45.82.120.91 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 19:14 Last Seen2024-08-21 06:17 Times Seen18 Hash 30c75faf404b23ef6a27d63fc0e95ba4 5c87ef9e0a319b300b5134884c6c85cfc2bef688 0b2e14311f125f0297228596820e18b5825ba46bdc0e2d0c021cfd49c86a1ff8 Loading...

	manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c	ScriptElement	9.5 kB	2024-08-21	2024-08-21
Pretty URL manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c IP 45.82.120.91 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:50 Last Seen2024-08-21 05:50 Times Seen1 Hash d7da5c7e2fece031fd51b6a70aba1dd6 315ea90096fc308dca068172db50c41eb4ab55d7 3f70c0b524f68052f346e172bc5e98ca7350b4a3df87b22b5605d5e7fb466699 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-10 22:52 Times Seen6773 Hash 7f9fb969ce353c5d77707836391eb28d 62c4042e9ebc691a5372d653b424512a561d1670 2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js	ScriptElement	5.6 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-10 14:33 Times Seen1357 Hash 3eac3c72434a0945b92dd4a01f7b6b4e 7767b356530e39cd76ec259320b0b2774b4097a8 ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b Loading...

	ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.js	ScriptElement	43 kB	2023-05-09	2025-04-20
Pretty URL ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-04-20 12:07 Times Seen91 Hash 01b27a892c16f10d6e42f97ea01663a9 e017c73588ef8ce97a88125acaae338fded0fd2a 8f810262d213ecdb9cb603fa1ae866a347a5ec8203d7e3f495a21c6113ca63c7 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js	ScriptElement	8.3 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-10 22:23 Times Seen6354 Hash cc290e6c3aeecf5021dd82ad8df2512a fb983aecd3940e8ebbfe5e74c8099cee9223c957 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995 Loading...

	cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js	ScriptElement	14 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-10 18:12 Times Seen2541 Hash 70489d9432ef978db53bebda3e9f4c14 f24d0bcc36027bce45c86acfba57b248edb6a3f9 24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1 Loading...

HTTP Transactions (25)

URL IP Response Size

manage-clientidenti.duckdns.org/newleeg.php

45.82.120.91

302 Found

0 B

URL User Request GET HTTP/1.1
manage-clientidenti.duckdns.org/newleeg.php
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /newleeg.php HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 24 Sep 2023 17:56:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c

45.82.120.91

200 OK

4.8 kB

URL User Request GET HTTP/1.1
manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Size
4.8 kB (4794 bytes)
Hash
bdbe27beb326adedb45ab01f748f1cae
8a671304430642bce5357c1ceb27c0aba32ae0e4
e8bb845265946ef4af1a03eb4f7a909d8a305fb392b122ac74ab9d9b56814e86

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /leeg.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4794
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/style.css

45.82.120.91

200 OK

2.8 kB

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/style.css
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type
ASCII text
Size
2.8 kB (2812 bytes)
Hash
e5f9029748c70974d2fe835bce45ee70
6bee7a122ac0b75e74b8b35035f72fdaa60a9bc8
ccb14d3b7d6c42de6ee99cd01a0587c300a70c9b861f7da453749e211ae555c8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style.css HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 27 Sep 2022 03:56:16 GMT
ETag: "2df9-5e9a0a03dd800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2812
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

manage-clientidenti.duckdns.org/script.js

45.82.120.91

200 OK

3.6 kB

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/script.js
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type
ASCII text
Size
3.6 kB (3583 bytes)
Hash
30c75faf404b23ef6a27d63fc0e95ba4
5c87ef9e0a319b300b5134884c6c85cfc2bef688
0b2e14311f125f0297228596820e18b5825ba46bdc0e2d0c021cfd49c86a1ff8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 27 Sep 2022 03:56:16 GMT
ETag: "4e2c-5e9a0a03dd800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3583
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js

104.17.25.14

200 OK

3.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (542)
Size
3.1 kB (3074 bytes)
Hash
cc290e6c3aeecf5021dd82ad8df2512a
fb983aecd3940e8ebbfe5e74c8099cee9223c957
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 17:56:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 3074
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1d-c02"
last-modified: Thu, 22 Jun 2023 11:06:05 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2087916
expires: Fri, 13 Sep 2024 17:56:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OnouFlgWGQIaQjNYBQf%2F0lRCc4vkO1ZOOlrvTjrhBBVgSCeSAxGMz7MX%2BKv5nYhKIV4RtLmXtv%2F7sUhk8B2YQCJBDReugjn33Q6%2FkYMpfyJJuMOtVeFDThMgidGKNzpPEEhctER"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80bce80b49a9b51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js

104.17.25.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32180)
Size
27 kB (26660 bytes)
Hash
7f9fb969ce353c5d77707836391eb28d
62c4042e9ebc691a5372d653b424512a561d1670
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 17:56:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 14245535
expires: Fri, 13 Sep 2024 17:56:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDSD6aOHg3hJGZVudXsxe%2Bsy7haj1tu98XEtud85EXlUWpojCfHTJl4GdYux3%2FlEI7N7r%2BK3iN6PZV6%2FF7v%2BVejHe8OKHmVAAPuh1m7V86a%2BGywXIZCa14S%2FhRWgwS3G8jx%2Br%2Fk%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80bce80b59bbb51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js

104.17.25.14

200 OK

4.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (14271)
Size
4.4 kB (4421 bytes)
Hash
70489d9432ef978db53bebda3e9f4c14
f24d0bcc36027bce45c86acfba57b248edb6a3f9
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1

HTTP Headers

GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 17:56:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 4421
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942756-1145"
last-modified: Thu, 22 Jun 2023 10:49:58 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4153936
expires: Fri, 13 Sep 2024 17:56:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4fd013t74QVccMQXgzh2KYEYM3YSKVheCvfUHWAoyWXV8%2Fbx87adiNNdQzWt4DYctxOAFHmI%2BVkX2kUIuUa3IutqzpkJsdbvJ436hQSn3xX3Q49b7UWJgwHcH%2FYoHgPS2ytN4pXY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80bce80b59bdb51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js

104.17.25.14

200 OK

1.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (3601)
Size
1.5 kB (1508 bytes)
Hash
3eac3c72434a0945b92dd4a01f7b6b4e
7767b356530e39cd76ec259320b0b2774b4097a8
ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b

HTTP Headers

GET /ajax/libs/jquery-easing/1.3/jquery.easing.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 17:56:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 1508
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1a-5e4"
last-modified: Thu, 22 Jun 2023 11:06:02 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1469715
expires: Fri, 13 Sep 2024 17:56:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHz%2Fsl5O5jzcl97AANPZwbvMedBiVthq5cAtnfeigoxURiujTTeG4s2tUMkqn1Pvj3V3WIQCtbjCX6DEdwLskLukHVP7crHFmf4joXNHTxwAGsF6YYegJTe9lxDg9Skpc3N81cq6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80bce80b69bfb51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

manage-clientidenti.duckdns.org/work_files/nl-cis/images/golo.png

45.82.120.91

200 OK

13 kB

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/work_files/nl-cis/images/golo.png
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type
PNG image data, 408 x 176, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12691 bytes)
Hash
5c1867327f3635209947180e7f3d0def
d8a6a7a1e918839fe46732be0b0285cbc18ea7ba
afaae0f2f4c3f0d21b599524e9e611fda50d9e95deefde1c65b6a6cb8e6741da

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /work_files/nl-cis/images/golo.png HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Tue, 27 Sep 2022 03:56:16 GMT
ETag: "3193-5e9a0a03dd800"
Accept-Ranges: bytes
Content-Length: 12691
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.js

152.199.19.160

200 OK

14 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1243)
Size
14 kB (14522 bytes)
Hash
9ec4651200b4d8f1fa4e8da9dae1b806
beed274fb9b7669584f8c67ef2dc25dc1ca602a5
2379363060b818df38089983c12a4508ad8c35944ae59f9519cccdc4f3e80b6c

HTTP Headers

GET /ajax/jquery.validate/1.13.1/jquery.validate.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 17619114
cache-control: public,max-age=31536000
content-type: application/javascript
date: Sun, 24 Sep 2023 17:56:51 GMT
etag: "6110c871d033d21:0"
last-modified: Mon, 31 Oct 2016 23:42:30 GMT
server: ECAcc (ska/F75C)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 14522
X-Firefox-Spdy: h2

manage-clientidenti.duckdns.org/favicon.ico

45.82.120.91

404 Not Found

294 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/favicon.ico
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
294 B (294 bytes)
Hash
d8e61abf1419f13fd05b108ca87e3ada
905d129b6e7be111dd98624791cc72c09c15883b
c2a3c159b7a50cd329e9c570cd786c0ea4d8b54dacfc00c3dd62df5bbe3f0d1a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 24 Sep 2023 17:56:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 294
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:54 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:55 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:56 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:57 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:58 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:56:59 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:57:00 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:57:01 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:57:02 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:57:03 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c

45.82.120.91

200 OK

0 B

URL GET HTTP/1.1
manage-clientidenti.duckdns.org/checklogin.php?session=651078624ff8c
IP
45.82.120.91:443
ASN
#44486 SYNLINQ

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerLet's Encrypt
Subjectmanage-clientidenti.duckdns.org
Fingerprint7D:DC:79:25:48:25:51:A8:4B:A5:1C:60:C8:49:B6:03:A4:B5:DB:6A
ValiditySun, 24 Sep 2023 16:30:12 GMT - Sat, 23 Dec 2023 16:30:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checklogin.php?session=651078624ff8c HTTP/1.1
Host: manage-clientidenti.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Cookie: PHPSESSID=cioo1afggcdgsc01lqfqh269d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 17:57:04 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

104.18.10.207

200 OK

24 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://manage-clientidenti.duckdns.org/leeg.php?session=651078624ff8c
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (23577)
Size
24 kB (23739 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

HTTP Headers

GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://manage-clientidenti.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 17:56:51 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 9483808
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80bce80b3afab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (25)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections