Report - fztanzcgai.duckdns.org/

Report Overview

Submitted URL
fztanzcgai.duckdns.org/
IP
66.150.66.238
ASN
#35913 DEDIPATH-LLC
Submitted
2023-06-01 18:14:26
Access
public
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
24
Network Intrusion Detection
66
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fztanzcgai.duckdns.org	unknown	unknown	2022-09-16	2023-03-07	8.3 kB	1.1 MB	66.150.66.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 18:14:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:07	medium	66.150.66.238	Client IP	ET INFO TLS Handshake Failure
2023-06-01 18:14:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:08	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:08	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-01 18:14:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-01 18:14:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-01 18:14:09	medium	Client IP	66.150.66.238	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	fztanzcgai.duckdns.org/js/jquery.easing.1.3.js	8.1 kB	2023-03-07	2024-04-15
Pretty URL fztanzcgai.duckdns.org/js/jquery.easing.1.3.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-15 23:53:50 Times Seen926 Hash 2cb90c06cfc2084e0e11ca2b8a10f6c9 45144c119832bb70b1d0e9708cba1e007ee9fbec 11c19392554c9b78c15771afa8f9fbfc78e0e46ca9527831f90ae41f95da73b8 Loading...

	fztanzcgai.duckdns.org/js/bootstrap.min.js	37 kB	2023-03-07	2024-04-24
Pretty URL fztanzcgai.duckdns.org/js/bootstrap.min.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:46 Last Seen2024-04-24 19:25:25 Times Seen10665 Hash 4becdc9104623e891fbb9d38bba01be4 6c264e0e0026ab5ece49350c6a8812398e696cbb 4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327 Loading...

	fztanzcgai.duckdns.org/js/jquery.waypoints.min.js	8.8 kB	2023-03-07	2024-04-21
Pretty URL fztanzcgai.duckdns.org/js/jquery.waypoints.min.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-21 11:44:13 Times Seen757 Hash 28ef3dc306be44a30ec0d0ffe2bee109 791cc9899f0f4dc57ace616780448da4763f05bc 114484b6bcaa6c2e7ac8301929d6bcda18a7f71924a835c2e6c01fdbd6421f5b Loading...

	fztanzcgai.duckdns.org/js/jquery.flexslider-min.js	22 kB	2023-03-07	2024-04-22
Pretty URL fztanzcgai.duckdns.org/js/jquery.flexslider-min.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:11 Last Seen2024-04-22 15:38:37 Times Seen1509 Hash d22c7a166ed20731c48d2f36ff1334ad 3378f3fb6246bcc88fe23e8a38e869f3756b7268 2ce94a80de9d146226e0967aacf51e37f92e18329815338af4de0aef3fc67705 Loading...

	fztanzcgai.duckdns.org/js/main.js	3.5 kB	2023-03-12	2023-12-07
Pretty URL fztanzcgai.duckdns.org/js/main.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 17:10:48 Last Seen2023-12-07 01:43:47 Times Seen75 Hash 269f494693c970646ba98023f4a55399 9d7f29432d252beb67813da02aca253eb56cd212 bbee5c2886b3daacd0a39fa7d9088df1c038824aed057b0dd95bf63a1ec1cf4e Loading...

	fztanzcgai.duckdns.org/js/modernizr-2.6.2.min.js	15 kB	2023-03-07	2024-04-19
Pretty URL fztanzcgai.duckdns.org/js/modernizr-2.6.2.min.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:00 Last Seen2024-04-19 12:59:12 Times Seen884 Hash c3076c3133684f1acfb50014a2aa0876 d706a39500766021bff7e8e30e847e55fe5d4a5f 08b863f1d96a63a08d1db286e9f26c766715be3c470f9c3b93a208169b22a5be Loading...

	fztanzcgai.duckdns.org/js/jquery.min.js	84 kB	2023-03-07	2024-04-24
Pretty URL fztanzcgai.duckdns.org/js/jquery.min.js IP 66.150.66.238 ASN #35913 DEDIPATH-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 18:39:40 Times Seen15665 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

HTTP Transactions (23)

URL IP Response Size

fztanzcgai.duckdns.org/

66.150.66.238

200 OK

11 kB

URL User Request GET HTTP/1.1
fztanzcgai.duckdns.org/
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
11 kB (11010 bytes)
Hash
bbd49a21bcda276b4c9f50c26dbb070c
6953f79ef1dbd34ed1acb1a9fede891422d2ae60
e54cc06a908ad5dfcfad6775fa1824406833f673458478c428dd97270a6ff7d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/html
Content-Length: 11010
Last-Modified: Sat, 03 Jul 2021 16:54:27 GMT
Connection: keep-alive
ETag: "60e09643-2b02"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/css/animate.css

66.150.66.238

200 OK

72 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/css/animate.css
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text
Size
72 kB (71552 bytes)
Hash
86dba2fdf372c74ab0de839437e1c18e
619509e33ac4c3ed5e2ee51cd7ed48111041d711
bb6bcb68b4b10d5c21dbbe7297bb47db61c4b06823dd66c82528cc74efe5102b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/css
Content-Length: 71552
Last-Modified: Sun, 22 May 2016 14:58:28 GMT
Connection: keep-alive
ETag: "5741c914-11780"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/css/flexslider.css

66.150.66.238

200 OK

6.9 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/css/flexslider.css
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text
Size
6.9 kB (6864 bytes)
Hash
8dbe05a4a59d1999c0612edc20b1048e
405cb4caa8f25f2c57abb1ab2a2d140e03d76c7c
8353514f712cd68216607e2a0331eda0f7acdda703bcaf80964a11240413a20c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/flexslider.css HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/css
Content-Length: 6864
Last-Modified: Thu, 08 Dec 2016 05:16:12 GMT
Connection: keep-alive
ETag: "5848ec9c-1ad0"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/css/icomoon.css

66.150.66.238

200 OK

29 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/css/icomoon.css
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text
Size
29 kB (28702 bytes)
Hash
5838bcdf014028ca78b1cc7b60642ade
0d88a989e4c2029f27e5c263092391d4988c9422
9c906de3901ea9791dfd389f02f2427c0dd11be970d9fe42a3b51bfdccdd7044

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/icomoon.css HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/css
Content-Length: 28702
Last-Modified: Sun, 12 Mar 2017 12:16:00 GMT
Connection: keep-alive
ETag: "58c53c00-701e"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/jquery.easing.1.3.js

66.150.66.238

200 OK

8.1 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/jquery.easing.1.3.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
Unicode text, UTF-8 text
Size
8.1 kB (8111 bytes)
Hash
2cb90c06cfc2084e0e11ca2b8a10f6c9
45144c119832bb70b1d0e9708cba1e007ee9fbec
11c19392554c9b78c15771afa8f9fbfc78e0e46ca9527831f90ae41f95da73b8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/jquery.easing.1.3.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: application/javascript
Content-Length: 8111
Last-Modified: Fri, 25 Sep 2015 06:57:42 GMT
Connection: keep-alive
ETag: "5604f066-1faf"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/modernizr-2.6.2.min.js

66.150.66.238

200 OK

15 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/modernizr-2.6.2.min.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
HTML document, ASCII text, with very long lines (14756)
Size
15 kB (15413 bytes)
Hash
c3076c3133684f1acfb50014a2aa0876
d706a39500766021bff7e8e30e847e55fe5d4a5f
08b863f1d96a63a08d1db286e9f26c766715be3c470f9c3b93a208169b22a5be

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/modernizr-2.6.2.min.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: application/javascript
Content-Length: 15413
Last-Modified: Sat, 26 Sep 2015 20:45:52 GMT
Connection: keep-alive
ETag: "56070400-3c35"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/css/style.css

66.150.66.238

200 OK

26 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/css/style.css
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text, with CRLF line terminators
Size
26 kB (25515 bytes)
Hash
68ae99170c04640131703cc907cd7333
d583c9f6d5ce7b5596d064b9ad894bfec71dfee0
8f2aeee298e5804ecd6742f1f1540c025819e1ab53c4f2d7def1792c9dccdfe8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/style.css HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/css
Content-Length: 25515
Last-Modified: Fri, 12 May 2017 05:43:50 GMT
Connection: keep-alive
ETag: "59154b96-63ab"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/jquery.min.js

66.150.66.238

200 OK

84 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/jquery.min.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text, with very long lines (32025)
Size
84 kB (84380 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: application/javascript
Content-Length: 84380
Last-Modified: Tue, 28 Apr 2015 16:03:04 GMT
Connection: keep-alive
ETag: "553faf38-1499c"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/jquery.waypoints.min.js

66.150.66.238

200 OK

8.8 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/jquery.waypoints.min.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
Unicode text, UTF-8 text, with very long lines (8668)
Size
8.8 kB (8835 bytes)
Hash
28ef3dc306be44a30ec0d0ffe2bee109
791cc9899f0f4dc57ace616780448da4763f05bc
114484b6bcaa6c2e7ac8301929d6bcda18a7f71924a835c2e6c01fdbd6421f5b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/jquery.waypoints.min.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: application/javascript
Content-Length: 8835
Last-Modified: Fri, 25 Sep 2015 06:58:42 GMT
Connection: keep-alive
ETag: "5604f0a2-2283"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/jquery.flexslider-min.js

66.150.66.238

200 OK

22 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/jquery.flexslider-min.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text, with very long lines (22247)
Size
22 kB (22342 bytes)
Hash
d22c7a166ed20731c48d2f36ff1334ad
3378f3fb6246bcc88fe23e8a38e869f3756b7268
2ce94a80de9d146226e0967aacf51e37f92e18329815338af4de0aef3fc67705

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/jquery.flexslider-min.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: application/javascript
Content-Length: 22342
Last-Modified: Mon, 16 Nov 2015 21:33:30 GMT
Connection: keep-alive
ETag: "564a4baa-5746"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/main.js

66.150.66.238

200 OK

3.5 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/main.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text
Size
3.5 kB (3459 bytes)
Hash
269f494693c970646ba98023f4a55399
9d7f29432d252beb67813da02aca253eb56cd212
bbee5c2886b3daacd0a39fa7d9088df1c038824aed057b0dd95bf63a1ec1cf4e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/main.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: application/javascript
Content-Length: 3459
Last-Modified: Thu, 23 Mar 2017 03:21:56 GMT
Connection: keep-alive
ETag: "58d33f54-d83"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/css/bootstrap.css

66.150.66.238

200 OK

135 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/css/bootstrap.css
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
assembler source, ASCII text, with very long lines (576)
Size
135 kB (134656 bytes)
Hash
4f675f9f48bc0651982b342fd6ff0c5b
dcca0eb61458a27a3ad7a81a5acb941a47def237
1f7b1710ec4cebde2e20796af1baef1e3c140b1c4aa80eb54627509a84aaf34a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:08 GMT
Content-Type: text/css
Content-Length: 134656
Last-Modified: Mon, 23 May 2016 00:48:30 GMT
Connection: keep-alive
ETag: "5742535e-20e00"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/js/bootstrap.min.js

66.150.66.238

200 OK

37 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/js/bootstrap.min.js
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
ASCII text, with very long lines (32034)
Size
37 kB (36816 bytes)
Hash
4becdc9104623e891fbb9d38bba01be4
6c264e0e0026ab5ece49350c6a8812398e696cbb
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: application/javascript
Content-Length: 36816
Last-Modified: Tue, 16 Jun 2015 16:29:50 GMT
Connection: keep-alive
ETag: "55804efe-8fd0"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img-3.jpg

66.150.66.238

200 OK

38 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img-3.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x400, components 3\012- data
Size
38 kB (38479 bytes)
Hash
535c75531674ae254cb8470ff00b8167
4f60fefebdfcbfd42081d6c4c4bd0519c0e156b5
df181f16bb2fcf170235fa549122e1ab6dda8d773aed0e70e73b0665f48a08ef

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img-3.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 38479
Last-Modified: Mon, 08 May 2017 06:29:46 GMT
Connection: keep-alive
ETag: "5910105a-964f"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img-4.jpg

66.150.66.238

200 OK

20 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img-4.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x400, components 3\012- data
Size
20 kB (19717 bytes)
Hash
1557846a62a45e6df112cd2df209bd37
a1ada353f0562af1de75b2f8841e021a6e5cfb33
d01c592aebaa553d7c65da7853edf632578a9b656f12c09e74c3ded2c18dee44

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img-4.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 19717
Last-Modified: Mon, 08 May 2017 06:29:52 GMT
Connection: keep-alive
ETag: "59101060-4d05"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img-1.jpg

66.150.66.238

200 OK

16 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img-1.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x400, components 3\012- data
Size
16 kB (15536 bytes)
Hash
70d2bba34aa87499ff7390c13aa2e69a
209730d0e03b0efebb9301c230923423792525da
220fa4af78056f55f3470783047e7d97fbf3109b44bdcc2d3b5bcbdcd339fc78

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img-1.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 15536
Last-Modified: Mon, 08 May 2017 06:29:32 GMT
Connection: keep-alive
ETag: "5910104c-3cb0"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/loader.gif

66.150.66.238

404 Not Found

153 B

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/loader.gif
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
359200ef8ee49c2db0375022a904e43c
68a6895b923242e52411cc9260dfdc7704cf5408
6aaf57fba9525f7f72e9ccfd52c0745bf4cebc870be6decc7b72621c24c5792c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/loader.gif HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

fztanzcgai.duckdns.org/images/img_bg_3.jpg

66.150.66.238

200 OK

43 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img_bg_3.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x798, components 3\012- data
Size
43 kB (42618 bytes)
Hash
1c32d73b0b39152f16416a3f7a7d28d0
ca6e867c6961b2b4cb4e3cf74be399ef90335f29
4ccf8e2a336859471c3c666a1638730f2c6764331e0b2167fffc5b29bd0c6660

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img_bg_3.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 42618
Last-Modified: Mon, 08 May 2017 06:30:42 GMT
Connection: keep-alive
ETag: "59101092-a67a"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img_bg_2.jpg

66.150.66.238

200 OK

47 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img_bg_2.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components 3\012- data
Size
47 kB (46819 bytes)
Hash
1b52bfc0bc3d5ccff55fd69ff93bb187
7af2b8b5045460a8141f26b4bf92f7d8ce34df8d
06b3f4da0557079478a7c134c5a554fe5912996f333df063e37248986194d68b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img_bg_2.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 46819
Last-Modified: Mon, 08 May 2017 06:30:34 GMT
Connection: keep-alive
ETag: "5910108a-b6e3"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img-2.jpg

66.150.66.238

200 OK

42 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img-2.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x400, components 3\012- data
Size
42 kB (41787 bytes)
Hash
d54bd9f4cd142d8d7f5f3131cbeccfd4
088296d83366f9d7bdd8586e299038927fa3ea78
36259439e78196b275daa319cb7cc20de9092536dae35326aa7e03d9ab7c0ace

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img-2.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 41787
Last-Modified: Mon, 08 May 2017 06:29:40 GMT
Connection: keep-alive
ETag: "59101054-a33b"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/fonts/icomoon/icomoon.ttf?srf3rx

66.150.66.238

200 OK

156 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/fonts/icomoon/icomoon.ttf?srf3rx
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size
156 kB (155564 bytes)
Hash
ee8d016f1bfe9220bee450ff02b59624
6a00b14581f2499eade379ac429762b337f6b7de
09675039f8d6682053b4c5d91b48fb859ccf7319b155934ad9ee2bf3efb3bd7c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /fonts/icomoon/icomoon.ttf?srf3rx HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: application/octet-stream
Content-Length: 155564
Last-Modified: Sun, 12 Mar 2017 12:16:00 GMT
Connection: keep-alive
ETag: "58c53c00-25fac"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/images/img_bg_1.jpg

66.150.66.238

200 OK

250 kB

URL GET HTTP/1.1
fztanzcgai.duckdns.org/images/img_bg_1.jpg
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x842, components 3\012- data
Size
250 kB (250407 bytes)
Hash
df2e761d941b56cf241642ebc3453e96
85a072728f58db776af0d02fa17649db97800a24
71a97933336ffa5deab8f41ff2fbd543b228ccbbb7fe221973c45ba383dd8c5c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/img_bg_1.jpg HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:09 GMT
Content-Type: image/jpeg
Content-Length: 250407
Last-Modified: Mon, 08 May 2017 06:30:26 GMT
Connection: keep-alive
ETag: "59101082-3d227"
Accept-Ranges: bytes

fztanzcgai.duckdns.org/favicon.ico

66.150.66.238

404 Not Found

153 B

URL GET HTTP/1.1
fztanzcgai.duckdns.org/favicon.ico
IP
66.150.66.238:80
ASN
#35913 DEDIPATH-LLC

Requested by
http://fztanzcgai.duckdns.org/

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
359200ef8ee49c2db0375022a904e43c
68a6895b923242e52411cc9260dfdc7704cf5408
6aaf57fba9525f7f72e9ccfd52c0745bf4cebc870be6decc7b72621c24c5792c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fztanzcgai.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fztanzcgai.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.25.0
Date: Thu, 01 Jun 2023 18:14:10 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL User Request GET HTTP/1.1

IP

ASN

File type