| gregdsgfh.dns04.com/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja | 198.55.123.185 | 308 Permanent Redirect | 258 B |
URL: gregdsgfh.dns04.com/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Request: User Request, GET HTTP/1.1
IP: 198.55.123.185:80
ASN: #8100 ASN-QUADRANET-GLOBAL
File type: HTML document, ASCII text
Hash (MD5): 7f912a71316d411d91aa2943786d4667
Hash (SHA-1): f1ab5e037c9c701935d74a61e9b6d4dfef3e7e01
Hash (SHA-256): cf56d626ba88bab89c6c2dcc42b5f64190a1d7019d95b6630a5c1fd655b44095
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
GET /auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja HTTP/1.1
Host: gregdsgfh.dns04.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html; charset=utf-8
Location: /news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 493
X-Ratelimit-Reset: 1716267829
Date: Tue, 21 May 2024 04:11:02 GMT
Content-Length: 258
| gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja | 198.55.123.185 | 200 OK | 3.2 kB |
URL: gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Request: User Request, GET
IP: 198.55.123.185:0
ASN: #8100 ASN-QUADRANET-GLOBAL
File type: HTML document, ASCII text
Hash (MD5): 0917f13dfc49319220e3fd5368020384
Hash (SHA-1): 76deb4f83bc76695a2641c8878bf2e6b9965618f
Hash (SHA-256): 516bdec259d7df77592cd168e3d21331564bfd2debe7ffead0c2a636f80f86ba
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
GET /news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja HTTP/1.1
Host: gregdsgfh.dns04.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 492
X-Ratelimit-Reset: 1716267829
Date: Tue, 21 May 2024 04:11:03 GMT
Transfer-Encoding: chunked
| feeds.foxnews.com/foxnews/world | 151.101.194.132 | 301 Moved Permanently | 0 B |
URL: feeds.foxnews.com/foxnews/world
Request: GET HTTP/2
IP: 151.101.194.132:443
Requested by: http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Certificate issuer: Let's Encrypt
Certificate subject: *.foxnews.com
Certificate fingerprint (SHA-1): BC:A6:C4:45:B6:50:28:54:62:5F:42:C0:C4:BC:61:D1:08:00:31:26
Certificate validity: Sat, 23 Mar 2024 06:26:40 GMT - Fri, 21 Jun 2024 06:26:39 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (hash of an empty body)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of an empty body)
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of an empty body)
GET /foxnews/world HTTP/1.1
Host: feeds.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gregdsgfh.dns04.com/
Origin: http://gregdsgfh.dns04.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
retry-after: 0
location: https://moxie.foxnews.com/google-publisher/world.xml
accept-ranges: bytes
date: Tue, 21 May 2024 04:11:03 GMT
via: 1.1 varnish
x-served-by: cache-hel1410027-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1716264663.257768,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,POST,OPTIONS
access-control-allow-headers: *
access-control-allow-credentials: false
access-control-max-age: 86400
access-control-expose-headers: etag
content-length: 0
X-Firefox-Spdy: h2
| moxie.foxnews.com/google-publisher/world.xml | 23.52.23.45 | 200 OK | 46 kB |
URL: moxie.foxnews.com/google-publisher/world.xml
Request: GET HTTP/2
IP: 23.52.23.45:443
Requested by: http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Certificate issuer: DigiCert Inc
Certificate subject: wildcard.foxnews.com
Certificate fingerprint (SHA-1): 92:A8:54:5C:8C:E0:75:4A:F7:00:F0:F3:11:9C:A7:9B:3F:E8:BA:BE
Certificate validity: Mon, 06 May 2024 00:00:00 GMT - Tue, 06 May 2025 23:59:59 GMT
File type: XML 1.0 document, Unicode text, UTF-8 text, with very long lines (8743)
Hash (MD5): 92cf670828f1a0cb0492cde72e6d8c53
Hash (SHA-1): 155922a01a70e1ecc3b25cd05d7b3eddc5dd2410
Hash (SHA-256): 273c51daded3f0b91480d674b0d2531b9bb2b9f5286a04adf47507847835f916
GET /google-publisher/world.xml HTTP/1.1
Host: moxie.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://gregdsgfh.dns04.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 45869
x-amzn-trace-id: Root=1-664c0779-4b4c016e57e0e62034d16037;Parent=53d7a83a495b3490;Sampled=0;lineage=c27b69c6:0
moxie-uptime: 55.52ms
x-robots-tag: noindex, nofollow
moxie-version: 1.0
x-amzn-requestid: 99a20205-ef39-4487-98a2-4c1a68afe8f9
x-amz-cf-id: naP-Y5-dWcnVt_4vJPVTuINNvf1Xc1fDFKnybdVk-j-hXHepjdLbUA==
etag: 92cf670828f1a0cb0492cde72e6d8c53
content-type: text/xml;charset=utf-8
x-amz-cf-pop: IAD55-P5
x-amz-apigw-id: YGYbGFNmIAMEUmg=
content-encoding: gzip
x-debug-path: /prod/fn/google-publisher/world.xml
x-origin: prod_moxie
accept-ranges: bytes
x-served-by: cache-iad-kiad7000170-IAD, cache-iad-kiad7000170-IAD, cache-bma1622-BMA
x-cache-hits: 0, 27, 1
x-timer: S1716264540.988661,VS0,VE1
cache-control: must-revalidate, max-age=29
expires: Tue, 21 May 2024 04:11:32 GMT
date: Tue, 21 May 2024 04:11:03 GMT
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
x-forwarded-host: moxie.foxnews.com
X-Firefox-Spdy: h2
| gregdsgfh.dns04.com/favicon.ico | 198.55.123.185 | 404 Not Found | 0 B |
URL: gregdsgfh.dns04.com/favicon.ico
Request: GET HTTP/1.1
IP: 198.55.123.185:80
ASN: #8100 ASN-QUADRANET-GLOBAL
Requested by: http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (hash of an empty body)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of an empty body)
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of an empty body)
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
| suricata | medium | ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain |
GET /favicon.ico HTTP/1.1
Host: gregdsgfh.dns04.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code&client_id=zc001&state=&scope=openid&_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 491
X-Ratelimit-Reset: 1716267829
Date: Tue, 21 May 2024 04:11:03 GMT
Content-Length: 0