Report - 11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa

Report Overview

Submitted URL
11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa
IP
149.28.152.61
ASN
#20473 AS-CHOOPA
Submitted
2023-06-02 00:06:59
Access
public
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
3
Network Intrusion Detection
8
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
11012705-next.work.gd	unknown	2022-06-18	2023-06-01	2023-06-01	831 B	2.0 kB	149.28.152.61
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2023-06-01	506 B	26 kB	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:42	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:42	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:42	medium	Client IP	149.28.152.61	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2023-06-02 00:06:42	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-06-02 00:06:43	medium	Client IP	149.28.152.61	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-01	medium	11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa

149.28.152.61

200 OK

775 B

URL User Request GET HTTP/1.1
11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa
IP
149.28.152.61:80
ASN
#20473 AS-CHOOPA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
775 B (775 bytes)
Hash
f159910654755dbc9a34299ca5d18e9b
fc15aa4e0922c0440a219ef51ec9e0c344ce1c62
73a2e06f2232794dc80abd088e714e34209ec970c11741f17627b26f443f61d4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /?pgviolationid=5dd0cd6760a92aeaba9d29b5aa HTTP/1.1
Host: 11012705-next.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 02 Jun 2023 00:06:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css?q=1685664402

151.101.193.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css?q=1685664402
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
25 kB (25360 bytes)
Hash
abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css?q=1685664402 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://11012705-next.work.gd
DNT: 1
Connection: keep-alive
Referer: http://11012705-next.work.gd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Fri, 02 Jun 2023 00:06:43 GMT
age: 6779219
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1655-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2

11012705-next.work.gd/favicon.ico

149.28.152.61

404 Not Found

801 B

URL GET HTTP/1.1
11012705-next.work.gd/favicon.ico
IP
149.28.152.61:80
ASN
#20473 AS-CHOOPA

Requested by
http://11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
801 B (801 bytes)
Hash
e73a95b9f687eb17713304fe3bc3876c
85f725e8533409e3d985d8e11c190b9bb6c76662
86bbdaf85965d26e0ca58a12abf61e2f946f56f62745e93efaa33115e705dc93

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 11012705-next.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://11012705-next.work.gd/?pgviolationid=5dd0cd6760a92aeaba9d29b5aa
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Fri, 02 Jun 2023 00:06:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"64540b68-5b1"
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers