Report - t.ly/Og2Ek

Report Overview

Visited public
2023-12-04 03:38:13
Tags
dyndns
URL
t.ly/Og2Ek
Finishing URL
login-customer.duckdns.org/app/signin/openid/pape/error
IP / ASN
104.26.13.201
#13335 CLOUDFLARENET
Title
error
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fh_sy.gc-001.website	unknown	2023-05-03	2023-06-29 09:27:34	2023-10-31 12:11:58	508 B	710 B	172.67.204.254
translate.google.com	1156	1997-09-15	2012-05-30 03:30:32	2023-12-03 05:10:52	641 B	1.0 kB	216.58.211.14
login-customer.duckdns.org	unknown	unknown	No data	No data	4.8 kB	1.9 MB	155.94.128.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 03:38:01	low	Client IP	Internal IP	ET INFO URL Shortening Service Domain in DNS Lookup (t .ly)
2023-12-04 03:38:01	low	Client IP	Internal IP	ET INFO URL Shortening Service Domain in DNS Lookup (t .ly)
2023-12-04 03:38:01	low	Client IP	104.26.13.201	ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
2023-12-04 03:38:04	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:04	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:04	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:04	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-04 03:38:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-04 03:38:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	login-customer.duckdns.org/static/js/manifest.0.95207078128283351701432353651.js	ScriptElement	1.4 kB	2023-12-04	2023-12-04
Pretty URL login-customer.duckdns.org/static/js/manifest.0.95207078128283351701432353651.js IP 155.94.128.177 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 04:38 Last Seen2023-12-04 04:38 Times Seen2 Hash e263cd30d29f82e9c3411172fd5fb7c3 16d556f360120aebc1af2a1e11f6cfd0fe11c050 90d57ed737a255e38866577e10d2acf76160c0b6e75e1bcc78aafe2cf2b6a4f3 Loading...

	login-customer.duckdns.org/static/js/vendor.0.95207078128283351701432353651.js	ScriptElement	247 kB	2023-06-29	2024-08-22
Pretty URL login-customer.duckdns.org/static/js/vendor.0.95207078128283351701432353651.js IP 155.94.128.177 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 09:27 Last Seen2024-08-22 17:20 Times Seen10 Hash d47070154c2948d56f834697dd43cda0 25fe8af062b2b22871657419edb62d7cc2054882 7f26509aa72633d415546097ace97f7dc8d2e0e6e6b71f4b77e6e5d4b195947f Loading...

	login-customer.duckdns.org/static/js/app.0.95207078128283351701432353651.js	ScriptElement	3.7 kB	2023-08-13	2023-12-04
Pretty URL login-customer.duckdns.org/static/js/app.0.95207078128283351701432353651.js IP 155.94.128.177 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 09:37 Last Seen2023-12-04 04:38 Times Seen3 Hash 2104a982172a620851f5b3bce658b385 4a1a80c4f32882e653aa547760eb74cc8ecd5a02 bad30cf59958a8bf1284df013b6677b96caac67d501abb20a4769876b01be092 Loading...

	unknown	Function	54 B	2023-04-12	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 08:25 Last Seen2025-05-09 02:24 Times Seen5131 Hash fcaea4b8885ca5c1fb3ddd5c490da5c6 35745f87b37210d992a9ed534a593ae500b7adaa 934c2008743c36db746a9d6ebd9f1b84ff11477edc55fbf7b599bbfa687f7272 Loading...

	login-customer.duckdns.org/static/js/4.0.66279681102880051701432353651.js	ScriptElement	1.0 kB	2024-08-20	2024-08-20
Pretty URL login-customer.duckdns.org/static/js/4.0.66279681102880051701432353651.js IP 155.94.128.177 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 16:52 Last Seen2024-08-20 16:52 Times Seen2 Hash fbd2347faa7383ec0eab6f762527064e 957ee09d13c3aab1f8929edc20667cae5a425f0a fbf1a30ee09c7c4efec2cae1112ed9a9f4d46aaf55eb543b414b1ea98c50b976 Loading...

	login-customer.duckdns.org/static/js/6.0.66279681102880051701432353651.js	ScriptElement	509 B	2023-06-29	2024-08-22
Pretty URL login-customer.duckdns.org/static/js/6.0.66279681102880051701432353651.js IP 155.94.128.177 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 09:27 Last Seen2024-08-22 17:20 Times Seen10 Hash 9bdc63ed9f9825a7499fd164b9cf048a f4b45c659a202054cacda03e941dd6003ad6e1ee c587469adc1265462ba3f82b779945604c1279bbff3c475a49da5903448f745a Loading...

HTTP Transactions (11)

URL IP Response Size

translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-aeoncord.workers.dev/&client=webapp

216.58.211.14

0 B

URL
translate.google.com/translate?sl=auto&tl=ja&hl=ja&u=https://www.login-aeoncord.workers.dev/&client=webapp
IP
216.58.211.14:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /translate?sl=auto&tl=ja&hl=ja&u=https://www.login-aeoncord.workers.dev/&client=webapp HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 03:37:57 GMT
location: https://www-login--aeoncord-workers-dev.translate.goog/?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-opener-policy: same-origin-allow-popups
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: __Secure-ENID=16.SE=FE-4xZaAm6bhV4x_mufUJ6euxFFOq6vv2NhA7k6GVLONVAijZfEblLGvFOiJGUtFczVqCz7m0XqDEmiszpsgph1ynNaNfB5kuLvvUqxyPVHdiK4ga886YJa90QgMwbMOlSkr_NG5-Qh2lSRBnMuip5DtN5gapG9LGC7_q7M6i1Y; expires=Thu, 02-Jan-2025 19:56:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+422; expires=Wed, 03-Dec-2025 03:37:57 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

155.94.128.177

200 OK

333 B

URL User Request GET HTTP/2
login-customer.duckdns.org/
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (331)
Size
333 B (333 bytes)
Hash
eb3d3585201196d59eb67c9b6e682084
76f4aa9e4a6d70edf7e8edbeca488acad9725660
834079899edee70500ba99ed313772bfa7315dfb877aa5bb9e6e7b0e3aac4dcc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET / HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www-login--aeoncord-workers-dev.translate.goog/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 333
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 03:38:00 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

774 B

URL GET HTTP/2
login-customer.duckdns.org/static/js/manifest.0.95207078128283351701432353651.js
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
ASCII text, with very long lines (1400), with no line terminators
Size
774 B (774 bytes)
Hash
e263cd30d29f82e9c3411172fd5fb7c3
16d556f360120aebc1af2a1e11f6cfd0fe11c050
90d57ed737a255e38866577e10d2acf76160c0b6e75e1bcc78aafe2cf2b6a4f3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/js/manifest.0.95207078128283351701432353651.js HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "578-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 774
content-type: application/javascript
date: Mon, 04 Dec 2023 03:38:00 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

1.5 kB

URL GET HTTP/2
login-customer.duckdns.org/static/js/app.0.95207078128283351701432353651.js
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
Unicode text, UTF-8 text, with very long lines (3548), with no line terminators
Size
1.5 kB (1472 bytes)
Hash
2104a982172a620851f5b3bce658b385
4a1a80c4f32882e653aa547760eb74cc8ecd5a02
bad30cf59958a8bf1284df013b6677b96caac67d501abb20a4769876b01be092

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/js/app.0.95207078128283351701432353651.js HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "e6c-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1472
content-type: application/javascript
date: Mon, 04 Dec 2023 03:38:00 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

552 B

URL GET HTTP/2
login-customer.duckdns.org/static/js/4.0.66279681102880051701432353651.js
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
ASCII text, with very long lines (1006), with no line terminators
Size
552 B (552 bytes)
Hash
fbd2347faa7383ec0eab6f762527064e
957ee09d13c3aab1f8929edc20667cae5a425f0a
fbf1a30ee09c7c4efec2cae1112ed9a9f4d46aaf55eb543b414b1ea98c50b976

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/js/4.0.66279681102880051701432353651.js HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "3ee-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 552
content-type: application/javascript
date: Mon, 04 Dec 2023 03:38:01 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

421 B

URL GET HTTP/2
login-customer.duckdns.org/favicon.ico
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3074, resolution 2834 x 2834 px/m, cbSize 3128, bits offset 54\012- data
Size
421 B (421 bytes)
Hash
6213fbb811e4dcb7d4e9dc4a2426b71b
e3be4d818ac10fa0b0f559009c1206649a17604c
97f7d2fb9b09d0663c929fc5af993727599c45c985f38477c7071996a4d178d6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 10 Nov 2023 19:25:24 GMT
etag: "c38-609d1482d3100-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 421
content-type: image/x-icon
date: Mon, 04 Dec 2023 03:38:02 GMT
server: Apache
X-Firefox-Spdy: h2

fh_sy.gc-001.website/aeon-sy-jl-v3---.php

172.67.204.254

200 OK

5 B

URL GET HTTP/2
fh_sy.gc-001.website/aeon-sy-jl-v3---.php
IP
172.67.204.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectgc-001.website
Fingerprint96:FC:B4:BD:A9:BB:31:A2:E4:DB:0A:56:82:D9:83:6F:8E:07:E8:14
ValidityFri, 20 Oct 2023 07:52:40 GMT - Thu, 18 Jan 2024 07:52:39 GMT

File type
very short file (no magic)
Size
5 B (5 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /aeon-sy-jl-v3---.php HTTP/1.1
Host: fh_sy.gc-001.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://login-customer.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:38:02 GMT
content-type: text/html;charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-credentials: true
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUcMBa9eyYX9BPXo%2FZSKFVEK8lEBOO7bCkjJjCCiroCalCpPVoKUhbSeG73MxhAeRyics4Q%2FbSplckBJ4f1J%2FlxnqKM4KoxrAJUSRnJQYAdqVf6IELnVDjoCezJBV74s7FFXLr1KDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830103a32949b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

155.94.128.177

200 OK

342 B

URL GET HTTP/2
login-customer.duckdns.org/static/js/6.0.66279681102880051701432353651.js
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type
ASCII text, with very long lines (509), with no line terminators
Size
342 B (342 bytes)
Hash
9bdc63ed9f9825a7499fd164b9cf048a
f4b45c659a202054cacda03e941dd6003ad6e1ee
c587469adc1265462ba3f82b779945604c1279bbff3c475a49da5903448f745a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/js/6.0.66279681102880051701432353651.js HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "1fd-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 342
content-type: application/javascript
date: Mon, 04 Dec 2023 03:38:04 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

247 kB

URL GET HTTP/2
login-customer.duckdns.org/static/js/vendor.0.95207078128283351701432353651.js
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type

Size
247 kB (247180 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/js/vendor.0.95207078128283351701432353651.js HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "3c58c-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 04 Dec 2023 03:38:00 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

403 Forbidden

0 B

URL GET HTTP/2
login-customer.duckdns.org/jump.php
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /jump.php HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-credentials: true
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-length: 0
content-type: text/html;charset=utf-8
date: Mon, 04 Dec 2023 03:38:03 GMT
server: Apache
X-Firefox-Spdy: h2

155.94.128.177

200 OK

1.6 MB

URL GET HTTP/2
login-customer.duckdns.org/static/css/app.0.56763622689927341701432353651.css
IP
155.94.128.177:443
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
https://login-customer.duckdns.org/
Certificate
IssuerLet's Encrypt
Subjectlogin-customer2.duckdns.org
Fingerprint50:8B:A1:07:66:59:FC:EB:C2:29:21:00:C4:F0:59:00:EA:4A:E3:BA
ValidityThu, 23 Nov 2023 06:57:57 GMT - Wed, 21 Feb 2024 06:57:56 GMT

File type

Size
1.6 MB (1641194 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /static/css/app.0.56763622689927341701432353651.css HTTP/1.1
Host: login-customer.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-customer.duckdns.org/
Cookie: PHPSESSID=tb9l6vu3bov6u5mq3q7tp9svuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 20:06:20 GMT
etag: "190aea-60b784d3ba700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Mon, 04 Dec 2023 03:38:00 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2