Report - sign-lith.duckdns.org/36d5ab50abc4572/login.php

Report Overview

Submitted URL
sign-lith.duckdns.org/36d5ab50abc4572/login.php
IP
193.143.1.71
ASN
#198953 Proton66 OOO
Submitted
2024-04-23 09:18:43
Access
public
Website Title
Société Générale | Connexion
Final URL
sign-lith.duckdns.org/36d5ab50abc4572/login.php
Tags
societe_generale financial phishing dyndns suspicious
urlquery detections
Phishing - Societe Generale
Suspicious - DynDNS domain
Suspicious - Anti-debugging code

Detections

urlquery
70
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sign-lith.duckdns.org	unknown	unknown	No data	No data	13 kB	1.6 MB	193.143.1.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	sign-lith.duckdns.org/36d5ab50abc4572/login.php	0 B	2023-03-07	2024-05-03
Pretty URL sign-lith.duckdns.org/36d5ab50abc4572/login.php IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-03 17:23:43 Times Seen37309039 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	sign-lith.duckdns.org/assets/js/jquery.min.js	88 kB	2023-03-07	2024-05-03
Pretty URL sign-lith.duckdns.org/assets/js/jquery.min.js IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 09:12:39 Times Seen8554 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	sign-lith.duckdns.org/assets/js/popper.min.js	20 kB	2023-03-07	2024-05-03
Pretty URL sign-lith.duckdns.org/assets/js/popper.min.js IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 06:34:50 Times Seen4137 Hash 5644e6835941af44dcb5cead916c2b79 6eb1840d55338895ce6ecc3eab56132b1d152b93 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58 Loading...

	sign-lith.duckdns.org/assets/js/bootstrap.min.js	58 kB	2023-03-08	2024-04-23
Pretty URL sign-lith.duckdns.org/assets/js/bootstrap.min.js IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:08:57 Last Seen2024-04-23 11:18:50 Times Seen73 Hash 71986167ab7d81363f7237df9caaa9d8 5b4d74aa7c38c3419eba03159c25a85f59fa5ca0 f3be5854e74fdc058087b4b1c96141ce5e1c58a6a8286d35c1097167f02b07fc Loading...

	sign-lith.duckdns.org/assets/js/fontawesome.min.js	1.1 MB	2023-03-07	2024-05-03
Pretty URL sign-lith.duckdns.org/assets/js/fontawesome.min.js IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 06:34:50 Times Seen2680 Hash a6756b0b8637e62f56d9d794b154ca12 5cd7e758e41375d85cef812d4578d5cd9b949ea7 21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e Loading...

	sign-lith.duckdns.org/assets/js/main.js	4.5 kB	2023-03-11	2024-04-23
Pretty URL sign-lith.duckdns.org/assets/js/main.js IP 193.143.1.71 ASN #198953 Proton66 OOO Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:45:50 Last Seen2024-04-23 11:18:50 Times Seen53 Hash f3cc7b2e10f64d203209516559b42939 6c32f191daba55919b6b2f94ef54df521e31619b 43ef7d738f2559ade8cae1e07dcce23d263c7eec047b816c217665460c837c06 Loading...

HTTP Transactions (24)

URL IP Response Size

sign-lith.duckdns.org/assets/images/logo.jpg

193.143.1.71

200 OK

3.8 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/logo.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:35:13], baseline, precision 8, 160x33, components 3
Size
3.8 kB (3772 bytes)
Hash
f85385da3d92ffbf4a5f706ec6f6b1fe
c6321ff15f1d136f6c04728b8c058d301ca66c3d
04690f1deb47cc41bcb7fbc072a9fdc7893c279a2857bea2d0fdfb90f5aebf17

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/logo.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 3772
last-modified: Sat, 09 Nov 2019 02:35:12 GMT
etag: "5dc625e0-ebc"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/logo2.jpg

193.143.1.71

200 OK

1.3 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/logo2.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:09 02:50:21], baseline, precision 8, 30x30, components 3
Size
1.3 kB (1258 bytes)
Hash
faae31dc56abb70d92d5802d5397ecfd
20ea10febe43d77f015205993a7941dc49ac6d57
3dc3d4f09a6caa938a754adf03cb9f7661ebffa085a55de8f04d2b52e1e5e46b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/logo2.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 1258
last-modified: Sat, 09 Nov 2019 07:50:20 GMT
etag: "5dc66fbc-4ea"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/header-right.jpg

193.143.1.71

200 OK

4.0 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/header-right.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:35:54], baseline, precision 8, 264x42, components 3
Size
4.0 kB (3955 bytes)
Hash
1f1151e363e9714a02d111d0bf693149
d3c2e1191e1184de686bc47c60a6808e10d12d7f
5355498bdd6c7aec87dd2ca2063a7cc3ca3cc4b5f040ce91a7a062b916fc9da7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/header-right.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 3955
last-modified: Sat, 09 Nov 2019 02:35:54 GMT
etag: "5dc6260a-f73"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/remember.jpg

193.143.1.71

200 OK

3.3 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/remember.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:41:22], baseline, precision 8, 232x26, components 3
Size
3.3 kB (3349 bytes)
Hash
749caf8b2ee7d53e19e9aefc264f1edd
6e47816ee429dce1b7bc90d3c4e7077f7717abef
523f01e171ebf63770e025487bdcfe986841d4ec2da50c1486d2632066eacd5f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/remember.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 3349
last-modified: Sat, 09 Nov 2019 02:41:22 GMT
etag: "5dc62752-d15"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/valider.jpg

193.143.1.71

200 OK

2.4 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/valider.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:42:01], baseline, precision 8, 228x46, components 3
Size
2.4 kB (2396 bytes)
Hash
cdb4c22582994eb8886bc6ff635e73fc
c82dfcc5de03a52f24dd4fdc7cb7ca6c0ced1402
de379c81409abd484f28cdd4c8920d53f2e6d58b804f6682bde403a994f9eb1d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/valider.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 2396
last-modified: Sat, 09 Nov 2019 02:42:00 GMT
etag: "5dc62778-95c"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/index-content.jpg

193.143.1.71

200 OK

42 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/index-content.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:37:08], baseline, precision 8, 592x472, components 3
Size
42 kB (41795 bytes)
Hash
feb028a0316d32290c21873cac0f970b
ca09c3c246c63ac372165d2fa0e07433d92fb4f8
dd484b04dac0726d23a6e91c32a5cb080ba9365c0988d72be39804ec5c9d6e13

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/index-content.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 41795
last-modified: Sat, 09 Nov 2019 02:37:08 GMT
etag: "5dc62654-a343"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/index-content2.jpg

193.143.1.71

200 OK

38 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/index-content2.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:09 02:58:15], baseline, precision 8, 705x334, components 3
Size
38 kB (37745 bytes)
Hash
ceb0e69d56f8fb313a1de01ebea0f30f
5f78b4db0ade197e62cc5fe54e78b21a3eb88af9
64183c0b220d6a5c70fe6db1b913f71f7169e74e8a792a55121941a1612b112e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/index-content2.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 37745
last-modified: Sat, 09 Nov 2019 07:58:14 GMT
etag: "5dc67196-9371"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/footer-info.jpg

193.143.1.71

200 OK

11 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/footer-info.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:38:38], baseline, precision 8, 792x30, components 3
Size
11 kB (10974 bytes)
Hash
e62dd32a226f35dd99625cef5d9da3cf
780946f61f635a6ec00a4b1270a34faeb8f2d52c
0751b01de553f0bd4948daf91d362fba24c2962fe2aca87432e3e8e458b9f54d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/footer-info.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 10974
last-modified: Sat, 09 Nov 2019 02:38:38 GMT
etag: "5dc626ae-2ade"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/footer-info2.jpg

193.143.1.71

200 OK

12 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/footer-info2.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:09 03:05:55], baseline, precision 8, 456x187, components 3
Size
12 kB (11992 bytes)
Hash
06100b2d8335d3c1c44e0fbda36adaf1
252b94de7443138eabaeb59bebc8408d9281fe8c
ccc6c7ba02d62eb66e9cad7696176461239eafc26852d5abfbb49f87e5cbc62f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/footer-info2.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 11992
last-modified: Sat, 09 Nov 2019 08:05:54 GMT
etag: "5dc67362-2ed8"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/social.jpg

193.143.1.71

200 OK

2.1 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/social.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:39:18], baseline, precision 8, 154x30, components 3
Size
2.1 kB (2132 bytes)
Hash
344a0db638caa873c960567f518bfc87
dca5eec08e5f4ad90aa22cd388a93a932d3be7ad
96f0c851ac5ff6aefba755892a7ab800afa91c414cbe0be88653d63f46d589fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/social.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 2132
last-modified: Sat, 09 Nov 2019 02:39:18 GMT
etag: "5dc626d6-854"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/footer-links.jpg

193.143.1.71

200 OK

8.4 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/footer-links.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:08 21:40:28], baseline, precision 8, 713x16, components 3
Size
8.4 kB (8378 bytes)
Hash
12962121b758a6679970b22c02e978a2
c8af650f6bcefbc374ea21ddf2e54ecd67c8811a
f6f7e0611ba3d6ba2268c51b20205b322d51d1cee76bdd6911b49f1d12b4f05a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/footer-links.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 8378
last-modified: Sat, 09 Nov 2019 02:40:28 GMT
etag: "5dc6271c-20ba"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/footer-links2.jpg

193.143.1.71

200 OK

10 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/footer-links2.jpg
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=PhotoFiltre Studio X, datetime=2019:11:09 03:07:52], baseline, precision 8, 145x194, components 3
Size
10 kB (10348 bytes)
Hash
a80be8f527a404c7f8338a334827c1e4
041fe88b8c5197094952e0a8ae6605e09f18c5a1
ecfd67766f26a45c54b53340c22f3f25441a40434a559dde5b73f6d19901abbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/footer-links2.jpg HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: image/jpeg
content-length: 10348
last-modified: Sat, 09 Nov 2019 08:07:52 GMT
etag: "5dc673d8-286c"
expires: Thu, 23 May 2024 09:18:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/points.png

193.143.1.71

200 OK

208 B

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/points.png
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
208 B (208 bytes)
Hash
f9dc6373846a99bfe761d3427d50632d
685843d14882374bcf6b0798ab60bbecc84567a8
d41b3311daa52ffdfb112169926c6b68fee615ea6c72abac25fa1dbe799131d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/points.png HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/assets/css/main.css
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:18 GMT
content-type: image/png
content-length: 208
last-modified: Sat, 09 Nov 2019 02:47:58 GMT
etag: "5dc628de-d0"
expires: Thu, 23 May 2024 09:18:18 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/images/favicon.ico

193.143.1.71

200 OK

318 B

URL GET HTTP/2
sign-lith.duckdns.org/assets/images/favicon.ico
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors
Size
318 B (318 bytes)
Hash
ca10c09aeaf43460d3760f50c608eb51
f2ed2a4fe0e1eadb7dd28444ea6b7a04abf0d38e
daf58b06a09d467436ee5fd10eefbeadac3cf6ecaef1eca1884ef8330f561642

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:18 GMT
content-type: image/x-icon
content-length: 318
last-modified: Sat, 09 Nov 2019 02:44:16 GMT
etag: "5dc62800-13e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/css/helpers.css

193.143.1.71

200 OK

7.2 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/css/helpers.css
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
gzip compressed data, from Unix
Size
7.2 kB (7203 bytes)
Hash
79edbadcffd51aa3e397d533661c5fb3
7d85cbba36d470bd81f1c61e7da304f5032a63f9
eeb9b19077d1f1f43ff80854c7209904febeb9591e0e529f65488a9cc9331512

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/css/helpers.css HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: text/css
last-modified: Tue, 27 Nov 2018 05:16:08 GMT
vary: Accept-Encoding
etag: W/"5bfcd318-a318"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/js/popper.min.js

193.143.1.71

200 OK

14 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/js/popper.min.js
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
gzip compressed data, from Unix
Size
14 kB (13571 bytes)
Hash
bee5c95e778f66254f0f7fe3f692e5ba
e3e256fa28aca9e32eb00942c824eb416a6acdd1
5bfe3727d1265d3b420378fd00c6dc2ca2a6343875e15463292bfa3ec9f414ee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/js/popper.min.js HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: application/javascript
last-modified: Mon, 26 Nov 2018 01:02:46 GMT
vary: Accept-Encoding
etag: W/"5bfb4636-4f74"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/36d5ab50abc4572/login.php

193.143.1.71

200 OK

8.6 kB

URL User Request GET HTTP/2
sign-lith.duckdns.org/36d5ab50abc4572/login.php
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9217), with no line terminators
Size
8.6 kB (8614 bytes)
Hash
a6665515665cc8a9daa53dc5f4b58428
1c8850d14f384b4a34754a407b4d4ffc84b39df6
af682c9d87b3cfbf80ad4a23492ad072786e474738fe873f79cb34ce978cb33d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /36d5ab50abc4572/login.php HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/js/main.js

193.143.1.71

200 OK

4.5 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/js/main.js
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4757), with no line terminators
Size
4.5 kB (4480 bytes)
Hash
36f78d129a8545e0fc93f7f32ae1e9e1
50f28220de861349c0f07568fb96e0eee3f1a9f4
cd6a3b799c06445950f7473dbac5d914cca149aeee5fee153efb2ee18965c09f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /assets/js/main.js HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: application/javascript
last-modified: Fri, 20 Dec 2019 02:00:48 GMT
vary: Accept-Encoding
etag: W/"5dfc2b50-1180"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/css/main.css

193.143.1.71

200 OK

3.0 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/css/main.css
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
ASCII text, with very long lines (2953), with no line terminators
Size
3.0 kB (2951 bytes)
Hash
d2cb041829ef8ef1b900bfc308df0f12
7e41764ce6b92dbe72bd857e6ea60f1f457b8433
e34b7d3bfbff391579b2b88b312071958c8e3bdc5b53ad0e1251d622082a0bc1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/css/main.css HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: text/css
last-modified: Sun, 10 Nov 2019 02:14:16 GMT
vary: Accept-Encoding
etag: W/"5dc77278-b87"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/js/bootstrap.min.js

193.143.1.71

200 OK

58 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/js/bootstrap.min.js
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JavaScript source, ASCII text, with very long lines (58388), with no line terminators
Size
58 kB (58388 bytes)
Hash
71986167ab7d81363f7237df9caaa9d8
5b4d74aa7c38c3419eba03159c25a85f59fa5ca0
f3be5854e74fdc058087b4b1c96141ce5e1c58a6a8286d35c1097167f02b07fc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/js/bootstrap.min.js HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: application/javascript
last-modified: Sun, 10 Nov 2019 02:29:12 GMT
vary: Accept-Encoding
etag: W/"5dc775f8-e414"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/js/fontawesome.min.js

193.143.1.71

200 OK

1.1 MB

URL GET HTTP/2
sign-lith.duckdns.org/assets/js/fontawesome.min.js
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type

Size
1.1 MB (1061198 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/js/fontawesome.min.js HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: application/javascript
last-modified: Mon, 26 Nov 2018 04:03:18 GMT
vary: Accept-Encoding
etag: W/"5bfb7086-10314e"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/css/bootstrap.min.css

193.143.1.71

200 OK

156 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/css/bootstrap.min.css
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155758 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: text/css
last-modified: Wed, 13 Feb 2019 13:01:40 GMT
vary: Accept-Encoding
etag: W/"5c641534-2606e"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/js/jquery.min.js

193.143.1.71

200 OK

88 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/js/jquery.min.js
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
88 kB (88145 bytes)
Hash
2f772fed444d5489079f275bd01e26cc
a8927ac2830b2fdd4a729eb0eb7f80923539ceb9
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2019 00:52:54 GMT
vary: Accept-Encoding
etag: W/"5d7996e6-15851"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

sign-lith.duckdns.org/assets/css/fonts.css

193.143.1.71

200 OK

3.7 kB

URL GET HTTP/2
sign-lith.duckdns.org/assets/css/fonts.css
IP
193.143.1.71:443
ASN
#198953 Proton66 OOO

Requested by
https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Certificate
IssuerLet's Encrypt
Subjectsign-lith.duckdns.org
Fingerprint7D:27:E8:19:15:0A:DA:7F:3B:5B:FE:14:87:90:96:56:57:47:2A:8A
ValiditySat, 20 Apr 2024 20:08:45 GMT - Fri, 19 Jul 2024 20:08:44 GMT

File type
ASCII text, with very long lines (3882), with no line terminators
Size
3.7 kB (3730 bytes)
Hash
b90f3e67d87b295420f703d3afb0b2ec
baad9cbd8a943aea754f33d547a6334876a613b2
46436bf566a9179eaaa22761baaf67090ed4edf7b9b179f2567db71d7691d37f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /assets/css/fonts.css HTTP/1.1
Host: sign-lith.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sign-lith.duckdns.org/36d5ab50abc4572/login.php
Cookie: PHPSESSID=hbb8u8gcgbbsjmkepst1hjdt0b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 09:18:17 GMT
content-type: text/css
last-modified: Mon, 04 Nov 2019 02:14:52 GMT
vary: Accept-Encoding
etag: W/"5dbf899c-e92"
expires: Tue, 23 Apr 2024 21:18:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type