klolamna226haja.duckdns.org/Recovery_safety.php
1.6 kB URL User Request GET klolamna226haja.duckdns.org/Recovery_safety.php
IP
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (400), with CRLF line terminators
Hash d929b4030bf17ec7a4365ce68859be3a
86376db1a62f9728b5ad1ab908ea2dadc8513c93
dd8e8acc05299e935d70aac1df3851affd7ba6fc4a647cfa190c4b57dd541e16
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
OpenPhish phishing Facebook, Inc.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Recovery_safety.php HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1614
Date: Tue, 26 Sep 2023 12:37:58 GMT
Server: LiteSpeed
Connection: Keep-Alive
klolamna226haja.duckdns.org/css/style.css?v=1303202215
200 OK 21 kB URL GET HTTP/1.1 klolamna226haja.duckdns.org/css/style.css?v=1303202215
IP
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
File type ASCII text, with very long lines (20884), with CRLF line terminators
Hash 53ec7636cb7cae9a0a4961c6cfd22a77
c8b4200836da5bc800b30fc82e2b07dd1b7e4c53
310f43dcf89e7e2126985250d62f18207e0b481057279af831869128209ea884
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/style.css?v=1303202215 HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Recovery_safety.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:37:58 GMT
Etag: "18554-62f8fea8-140bc3;gz"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: text/css
Content-Length: 20721
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 26 Sep 2023 12:37:58 GMT
Server: LiteSpeed
Connection: Keep-Alive
klolamna226haja.duckdns.org/css/bootstrap.min.css?v=270420211500
200 OK 24 kB URL GET HTTP/1.1 klolamna226haja.duckdns.org/css/bootstrap.min.css?v=270420211500
IP
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
File type ASCII text, with very long lines (65321), with CRLF line terminators
Hash 10cc184341f423c35e86fd66db8800da
25bdcd25627b363852374aaf7cb66987ed20aa81
7760b7a07a154b900ace3b13f53360f05255e3f9332fa702cff0e01af1331694
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
OpenPhish phishing Facebook, Inc.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /css/bootstrap.min.css?v=270420211500 HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Recovery_safety.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:37:58 GMT
Etag: "27617-62f8fea8-140bc2;gz"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: text/css
Content-Length: 24071
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 26 Sep 2023 12:37:58 GMT
Server: LiteSpeed
Connection: Keep-Alive
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2
200 OK 30 kB URL GET HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2
IP
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 30480, version 1.0\012- data
Hash 0e7e5f9d3a8ef121149827180b790b5c
0e9f9333078e5df9245630ff6f68ba1d9da3c403
e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30480
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 10:25:48 GMT
expires: Sat, 21 Sep 2024 10:25:48 GMT
cache-control: public, max-age=31536000
age: 353531
last-modified: Wed, 27 Apr 2022 16:04:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
200 OK 30 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
IP
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT
File type gzip compressed data, max compression\012- data
Hash 67054cd585db00dac9f90a47b33854f1
a2260413e2f3e87e5e51b44208af71c07ebb9a55
09c6fee4e4eeb08108580329899e3bcf71396b0e64d5bf26eb446833b31f5383
GET /css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 26 Sep 2023 12:37:59 GMT
date: Tue, 26 Sep 2023 12:37:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
200 OK 35 kB URL GET HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 14:54:30 GMT
expires: Fri, 20 Sep 2024 14:54:30 GMT
cache-control: public, max-age=31536000
age: 423809
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
klolamna226haja.duckdns.org/img/sigm.jpeg
200 OK 8.0 kB URL GET HTTP/1.1 klolamna226haja.duckdns.org/img/sigm.jpeg
IP
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 455x468, components 3\012- data
Hash 12f4bd2079c4b5898b26bd39f59fcea1
fc3bc53e784471c90447f617fa71f51d291a8ef4
b4256b342b4e020cf299351736c24859aae325ec184db113199b79b03b953186
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
OpenPhish phishing Facebook, Inc.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /img/sigm.jpeg HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Recovery_safety.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:37:59 GMT
Etag: "1f48-62f8fea8-140bd9;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/jpeg
Content-Length: 8008
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:37:59 GMT
Server: LiteSpeed
Connection: Keep-Alive
klolamna226haja.duckdns.org/img/martambuah.png
200 OK 112 kB URL GET HTTP/1.1 klolamna226haja.duckdns.org/img/martambuah.png
IP
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
File type PNG image data, 3840 x 2160, 4-bit colormap, non-interlaced\012- data
Size 112 kB (111916 bytes)
Hash 58a703d6c348aa44fa84fa35b227aa2b
d4e8986df72129b203603eb3106214e4f9125e80
d577198130d641e753e3d89a453ffcc7650e4f40b62cd0063ab152f8e55443b0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
OpenPhish phishing Facebook, Inc.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /img/martambuah.png HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Recovery_safety.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:37:59 GMT
Etag: "1b52c-62f8fea8-140bd4;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/png
Content-Length: 111916
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:37:59 GMT
Server: LiteSpeed
Connection: Keep-Alive
klolamna226haja.duckdns.org/img/icon.png
200 OK 55 kB URL GET HTTP/1.1 klolamna226haja.duckdns.org/img/icon.png
IP
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
File type PNG image data, 1120 x 1120, 8-bit/color RGBA, non-interlaced\012- data
Hash 42514bf183be76a24b6e2423f8c68528
64c4984893cd26c1d91398609ee6432bc55de412
53357225f5e7edb5d4cc2009057a543258fb8bf11a8b17a6056b6f8e5a7370e5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
OpenPhish phishing Facebook, Inc.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /img/icon.png HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Recovery_safety.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:38:00 GMT
Etag: "d671-62f8fea8-140bc6;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/png
Content-Length: 54897
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:38:00 GMT
Server: LiteSpeed
Connection: Keep-Alive
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
200 OK 30 kB URL GET HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
IP
Requested by http://klolamna226haja.duckdns.org/Recovery_safety.php
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 29752, version 1.0\012- data
Hash ab1fc8621287e4ea9319a3136812cf80
fb4ed2e52e2a8d7ac50a7618a0c2ea5507a24ef3
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 23 Sep 2023 07:57:45 GMT
expires: Sun, 22 Sep 2024 07:57:45 GMT
cache-control: public, max-age=31536000
age: 276014
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
8.219.205.11
216.58.207.227