Report - rakuten-userb.pages.dev/vc

Report Overview

Submitted URL
rakuten-userb.pages.dev/vc
IP
172.66.47.96
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-02 12:37:02
Access
public
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
2
Network Intrusion Detection
2
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aulink.linkpc.net	unknown	2008-11-12	2022-04-09	2023-05-29	457 B	440 B	35.189.135.172
rakuten-userb.pages.dev	unknown	2020-09-02	2023-05-22	2023-06-01	1.4 kB	4.2 kB	172.66.44.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 12:36:44	medium	Client IP	Internal IP	ET INFO Observed DNS Query to DynDNS Domain (linkpc .net)
2023-06-02 12:36:44	medium	Client IP	Internal IP	ET INFO Observed DNS Query to DynDNS Domain (linkpc .net)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-30	medium	rakuten-userb.pages.dev/vc

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	rakuten-userb.pages.dev/assets/js/getpage.js	1.8 kB	2023-06-02	2023-06-02
Pretty URL rakuten-userb.pages.dev/assets/js/getpage.js IP 172.66.44.160 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 14:37:04 Last Seen2023-06-02 14:37:04 Times Seen1 Hash 29a40f5bdb63813884dac53d3cbb2b76 1c99a3485c966184f894fa2f3131e47bea2d7adf 3467c8f90ca2de51bbf93e7e13a3294b1a74cdfeff5a28f4d616e186f4191ce3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8305df18a7092cddb14f62bf35bf1583	175 B	2023-05-23	2023-07-06
Pretty Observations First Seen2023-05-23 03:38:30 Last Seen2023-07-06 20:20:18 Times Seen10 Hash 8305df18a7092cddb14f62bf35bf1583 25371d0f64f5a71dcde9d1452eafd7c1ec9ac25e 348a1dae60cf359414f6c7f20dbea4febdaff87a0b117cdf2dafab29097708a2 Loading...

HTTP Transactions (4)

URL IP Response Size

aulink.linkpc.net/source.php?page=vc

35.189.135.172

200 OK

153 B

URL GET HTTP/2
aulink.linkpc.net/source.php?page=vc
IP
35.189.135.172:443
ASN
#15169 GOOGLE

Requested by
https://rakuten-userb.pages.dev/vc
Certificate
IssuerLet's Encrypt
Subjectaulink.publicvm.com
Fingerprint18:51:E1:8F:4D:A2:D4:69:B9:A0:E5:C1:D9:43:F0:65:5A:ED:99:E6
ValidityThu, 30 Mar 2023 01:16:59 GMT - Wed, 28 Jun 2023 01:16:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
8305df18a7092cddb14f62bf35bf1583
25371d0f64f5a71dcde9d1452eafd7c1ec9ac25e
348a1dae60cf359414f6c7f20dbea4febdaff87a0b117cdf2dafab29097708a2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /source.php?page=vc HTTP/1.1
Host: aulink.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rakuten-userb.pages.dev/
Origin: https://rakuten-userb.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 12:36:45 GMT
server: Apache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, DELETE,PATCH,PUT
vary: Accept-Encoding
content-encoding: gzip
content-length: 153
content-type: text/html; charset=utf-8
X-Firefox-Spdy: h2

rakuten-userb.pages.dev/vc

172.66.44.160

200 OK

67 B

URL User Request GET HTTP/2
rakuten-userb.pages.dev/vc
IP
172.66.44.160:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectrakuten-userb.pages.dev
Fingerprint1C:6F:47:B5:38:80:91:9F:7E:4A:58:49:88:72:5A:A9:6B:BA:40:F3
ValidityMon, 22 May 2023 12:56:23 GMT - Sun, 20 Aug 2023 12:56:22 GMT

File type
HTML document, ASCII text, with no line terminators
Size
67 B (67 bytes)
Hash
3a5e572eff7b73642bf205ecb903704f
e8d9951c3d380e807fcd4245ae76abe2c587f7de
da7d2418ac86d81f1ae480025f545628cf8c8172269c2be216015419ec425757

Detections

Analyzer	Verdict	Alert
phishtank	Other

HTTP Headers

GET /vc HTTP/1.1
Host: rakuten-userb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 12:36:44 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ccdce00fd1b30bda97470357fa0cf19d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnMsHD0l5md8yiZME%2FMwXpMXrplIiTQVgfOMwkJ1SgbNjp%2BxPpFRyQ4Tl86r8MLbKn5sjH3A4KtlEfkxU6UDmSPE%2Fa9Ht0jRbCk%2BXo6RyjZUfXcDya6psN34IRwBHuVUpoxU6DyvOXtc8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0fbe5dcf311c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rakuten-userb.pages.dev/assets/js/getpage.js

172.66.44.160

200 OK

1.8 kB

URL GET HTTP/3
rakuten-userb.pages.dev/assets/js/getpage.js
IP
172.66.44.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rakuten-userb.pages.dev/vc
Certificate
IssuerGoogle Trust Services LLC
Subjectrakuten-userb.pages.dev
Fingerprint1C:6F:47:B5:38:80:91:9F:7E:4A:58:49:88:72:5A:A9:6B:BA:40:F3
ValidityMon, 22 May 2023 12:56:23 GMT - Sun, 20 Aug 2023 12:56:22 GMT

File type
ASCII text, with very long lines (1961), with no line terminators
Size
1.8 kB (1771 bytes)
Hash
9b78cadb8b208e961217518280118baa
6e7f6dcde583a9e91e695c400708c4fa253ff6b4
30cbca8efaf19abf605b9a0d17a1bb302604838acb5b952963545c64b3fb3072

HTTP Headers

GET /assets/js/getpage.js HTTP/1.1
Host: rakuten-userb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rakuten-userb.pages.dev/vc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 12:36:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3632d06f44c9f4de560ad51912238bd1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZrr5XYn8Mwm8e0cjnh35DPFzB2ZHNVOkcLTMP69y5WbMlLMWsWrFIwKrDU3%2B7G%2Fa1FtG45Tikud3pA3opc3BZBgLFrD%2FkNnkI0PxW6wEFqIeH62nyesGCL1hx94V6eYuWGpZhy28fwMog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0fbe612acc0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rakuten-userb.pages.dev/favicon.ico

172.66.44.160

200 OK

68 B

URL GET HTTP/3
rakuten-userb.pages.dev/favicon.ico
IP
172.66.44.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rakuten-userb.pages.dev/vc
Certificate
IssuerGoogle Trust Services LLC
Subjectrakuten-userb.pages.dev
Fingerprint1C:6F:47:B5:38:80:91:9F:7E:4A:58:49:88:72:5A:A9:6B:BA:40:F3
ValidityMon, 22 May 2023 12:56:23 GMT - Sun, 20 Aug 2023 12:56:22 GMT

File type
HTML document, ASCII text, with no line terminators
Size
68 B (68 bytes)
Hash
eee933840f27efaa003047422dc7618a
67a1c1f82de786128ab12e6e637cab4c85b9434b
51c56e0ae28a24e25409b8f2a55c2136984ba69fbfec20508c75c33b0393ca87

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rakuten-userb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rakuten-userb.pages.dev/vc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 12:36:46 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"115ed82a84ac73ceda9b11aa91556e64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvVXR2zK8nW9GnNudmhRO9CU3H10FvB0bnNcfbVV923T0st%2BDbpfHlx%2FRK6VFcSnBBOHgaYwz1%2BwBN96914YySTF9plv0MU0xOu8enLfNW8yUotpsUtaf%2FZEUCqbTbhMLemT7J%2FSAkhLzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0fbe6f1fc80b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (4)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers