uspsmail95km09t3.ddns.net/a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php
157.245.90.85 302 Found 0 B URL User Request GET HTTP/1.1 uspsmail95km09t3.ddns.net/a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 02 Nov 2023 14:15:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
uspsmail95km09t3.ddns.net/index.php
157.245.90.85 302 Found 2 B URL User Request GET HTTP/1.1 uspsmail95km09t3.ddns.net/index.php
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain
GET /index.php HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 02 Nov 2023 14:15:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
157.245.90.85 301 Moved Permanently 410 B URL User Request GET HTTP/1.1 uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash 577297708e628188924e0c684389ee35
68ced06a37d94d59db97ab753224b187f859e7e8
3915f07c6e4291e631ebe82f15a09a031e1ca597c8dc064243d15ead1c75b2b1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15 HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Nov 2023 14:15:15 GMT
Server: Apache
Location: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Content-Length: 410
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/
157.245.90.85 2 B URL uspsmail95km09t3.ddns.net/
IP 157.245.90.85:0
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain
GET / HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 02 Nov 2023 14:15:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ed8e2927d037f6cf07ace9ac4f333611; path=/
Location: f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
157.245.90.85 409 B URL uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
IP 157.245.90.85:0
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash ea046c137b2371134f6d8d1e75b09330
7346d5d7fb1cfabae70b9ea30c60b050a350fd3a
5afd247b31649d682ad57b2d87b7e0bf59e0748aaa46d79f1ab4a0d47515f972
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain
GET /f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820 HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Nov 2023 14:15:16 GMT
Server: Apache
Location: http://uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
Content-Length: 409
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
157.245.90.85 0 B URL uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820
IP 157.245.90.85:0
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain
suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820 HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 02 Nov 2023 14:15:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=03651bb867001fcbd894798c19e3ab1a; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
157.245.90.85 200 OK 12 kB URL User Request GET HTTP/1.1 uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; assembler source, Unicode text, UTF-8 text, with very long lines (420)
Hash 2dd964028673f3b183bea4abde962de3
22be0aef32770e8b6b02fbc93413cc4bf1c5ab6a
0b43d1a94443b09e1eaf4e2b765ba5ebc63505269c88b4ad5a74a698c0c41073
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15 HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 14:15:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js
142.250.74.42 200 OK 54 kB URL GET HTTP/2 maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js
IP 142.250.74.42:443
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type ASCII text, with very long lines (3412)
Hash 16b73dc0de9683fb153b38cf6b5a6e6d
22261377b57577dcd8046a8970ef5c80aefdf5dc
d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79
GET /maps-api-v3/api/js/38/11/intl/nl_ALL/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 53998
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 14:38:56 GMT
expires: Wed, 30 Oct 2024 14:38:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Nov 2019 22:32:04 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 171381
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js
142.250.74.42 200 OK 29 kB URL GET HTTP/2 maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js
IP 142.250.74.42:443
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type ASCII text, with very long lines (1601)
Hash 2005cff13e09393e76f625c7c3e6d0b7
47d240c168d611f38c102cf2b6320ea582e69e46
50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1
GET /maps-api-v3/api/js/38/11/intl/nl_ALL/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 28568
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 14:14:59 GMT
expires: Fri, 01 Nov 2024 14:14:59 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Nov 2019 22:32:04 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 18
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
uspsmail95km09t3.ddns.net/content/marktplaats/client.min.css
157.245.90.85 404 Not Found 315 B URL GET HTTP/1.1 uspsmail95km09t3.ddns.net/content/marktplaats/client.min.css
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /content/marktplaats/client.min.css HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/content/marktplaats/normalize.112272e5.css
157.245.90.85 404 Not Found 315 B URL GET HTTP/1.1 uspsmail95km09t3.ddns.net/content/marktplaats/normalize.112272e5.css
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /content/marktplaats/normalize.112272e5.css HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/images/logo-mini-sb.png
157.245.90.85 200 OK 24 kB URL GET HTTP/1.1 uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/images/logo-mini-sb.png
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced; data
Hash 43707dd65a8c8ec7754b7b45fd483488
f258a5de57dfa37baf13296da6055e8f8881d742
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /e61fc31aed34e22c90e8bc9865670b8a/images/logo-mini-sb.png HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Last-Modified: Thu, 02 Nov 2023 14:15:15 GMT
Accept-Ranges: bytes
Content-Length: 23625
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
uspsmail95km09t3.ddns.net/content/marktplaats/favicon-192x192.png
157.245.90.85 404 Not Found 315 B URL GET HTTP/1.1 uspsmail95km09t3.ddns.net/content/marktplaats/favicon-192x192.png
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /content/marktplaats/favicon-192x192.png HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/content/marktplaats/favicon.ico
157.245.90.85 404 Not Found 315 B URL GET HTTP/1.1 uspsmail95km09t3.ddns.net/content/marktplaats/favicon.ico
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /content/marktplaats/favicon.ico HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
uspsmail95km09t3.ddns.net/index.php
157.245.90.85 302 Found 0 B URL User Request GET HTTP/1.1 uspsmail95km09t3.ddns.net/index.php
IP 157.245.90.85:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject uspsmail95km09t3.ddns.net
Fingerprint 91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E
Validity Thu, 02 Nov 2023 12:03:26 GMT - Wed, 31 Jan 2024 12:03:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain
GET /index.php HTTP/1.1
Host: uspsmail95km09t3.ddns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 02 Nov 2023 14:15:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=52833fbceeeeda8f15f101c49b70b5ec; path=/
Location: https://www.siteground.com
Content-Length: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
www.siteground.com/
34.149.40.93 0 B IP 34.149.40.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.siteground.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 02 Nov 2023 14:15:19 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://eu.siteground.com
set-cookie: PHPSESSID=6669b90adb653a9533ff62b81579e09a; path=/; domain=.siteground.com; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-httpd-modphp: 1
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
x-xss-protection: 1
x-frame-options: DENY
x-server: 0, 0, 0
host-header: 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024
x-proxy-cache: MISS, MISS, MISS
x-proxy-cache-info: d302 NC:000000 UP:, d302 NC:000000 UP:, d302 NC:000000 UP:
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
age: 0
via: 1.1 google
X-Firefox-Spdy: h2
devilsms.live/css/usps/main.css
0.0.0.0 0 B URL GET devilsms.live/css/usps/main.css
IP 0.0.0.0:0
Requested by https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/usps/main.css HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uspsmail95km09t3.ddns.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache