64.15.75.85 200 OK 162 B URL User Request GET HTTP/2
IP 64.15.75.85:443
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
fortinet Phishing
NIDS Severity Alert
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 12 Apr 2023 06:49:42 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://xkuvzxfsbc.duckdns.org/
Strict-Transport-Security: max-age=31536000
xkuvzxfsbc.duckdns.org/static/gs_vk/reset.css
64.15.75.85 200 OK 884 B URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/reset.css
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type CSV text; ASCII text, with CRLF line terminators
Hash a77d6f26781539c015b1b1d84dac9c06
6f9e90a2e3c9f2bcb9337e577150bde1d3a29ccb
e0e6a4ef211b0c936b3a38abe91cda1ebbbcc4a3c2d8e706ef7a1dc2c55427c3
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/reset.css HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: text/css; charset=utf-8
content-length: 884
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/index.css
64.15.75.85 200 OK 748 B URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/index.css
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
Hash 91692497e479f6cc955e4de6d627a499
bb57de5c2d4dafee21f66645d776d3064f4b79bd
de36d3e9e989de40ae0bf5252af018ef55fdc0ed938042bdba11147f1127e431
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/index.css HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: text/css; charset=utf-8
content-length: 748
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/syozai_icon.png
64.15.75.85 200 OK 1.3 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/syozai_icon.png
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type PNG image data, 15 x 24, 8-bit/color RGBA, non-interlaced; data
Hash d038e6e8e4472bbcf6e5dac6a23d5a0e
fce966980cd73b2d732e0081b7e8dc9751db160d
5aa0964ac2cb5cbb5823d166f55495ac12747f3fbf2b56f7d290ac161eb2aead
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/syozai_icon.png HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: image/png
content-length: 1297
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/banner.png
64.15.75.85 200 OK 221 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/banner.png
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type PNG image data, 670 x 238, 8-bit/color RGB, non-interlaced; data
Size 221 kB (220877 bytes)
Hash 2f987a1099c7a986fa860cf0e80d7b5d
0a3e6dfbf3b0e7d361ba9fc088e2ef7805ec0310
2fe3b5cadeb4ad9fec7ee39d1f2170c6bb656436597087aa9a582713e53bed75
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/banner.png HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: image/png
content-length: 220877
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/index.png
64.15.75.85 200 OK 104 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/index.png
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x516, components 3; data
Size 104 kB (104029 bytes)
Hash 3b288cf2cf8b233a1f459e89dc209d79
08aa186779070d33edbca5dece75e2760dfa4065
c0315642042bbc5f62714e1bf1ee5df4fd567a38745af3c67ff09b025a56efbb
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/index.png HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: image/png
content-length: 104029
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/logo.png
64.15.75.85 200 OK 3.0 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/logo.png
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type PNG image data, 275 x 29, 8-bit/color RGBA, non-interlaced; data
Hash c6d404ecaa7646ff497deaad55392996
1c66c5caf35e3e633d1cb1e09a334362ad11f5fb
bf1532dfb899554f52b0a98c2870c9a6f19e6abaf74288c6de321813fed91666
Analyzer Verdict Alert
urlquery phishing Phishing - Japan's Tax Agency
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/logo.png HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: image/png
content-length: 2973
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 1.4 kB URL ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash c80901b7e0def9b79f4cbfba1176c9b7
aefbdaa98fdcb86ae0c22ae82ff0701a752d7195
cdf284b3e60a63e90a4a0764e1f342bd84fa4f0278b0760899c92174b5ff58cf
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 12 Apr 2023 06:49:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 16 Apr 2023 02:59:36 GMT
ETag: "aefbdaa98fdcb86ae0c22ae82ff0701a752d7195"
Last-Modified: Wed, 12 Apr 2023 02:59:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3184
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b6987f318f0b4f3-OSL
ia.51.la/go1?id=21567201&rt=1681282212300&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1681282212300&tt=&kw=&cu=https%253A%252F%252Fxkuvzxfsbc.duckdns.org%252F&pu=
183.240.166.133 200 0 B URL GET HTTP/1.1 ia.51.la/go1?id=21567201&rt=1681282212300&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1681282212300&tt=&kw=&cu=https%253A%252F%252Fxkuvzxfsbc.duckdns.org%252F&pu=
IP 183.240.166.133:443
ASN #56040 China Mobile communications corporation
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer GlobalSign nv-sa
Subject *.51.la
Fingerprint 01:A7:6F:50:DD:01:98:A7:1A:CD:49:94:A7:98:FD:12:76:05:A0:30
Validity Tue, 19 Apr 2022 01:59:29 GMT - Sun, 21 May 2023 01:59:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21567201&rt=1681282212300&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1681282212300&tt=&kw=&cu=https%253A%252F%252Fxkuvzxfsbc.duckdns.org%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Content-Length: 0
Date: Wed, 12 Apr 2023 06:49:34 GMT
www.nta.go.jp/template/img/template/headerbackground.jpg
54.230.111.64 200 OK 36 kB URL GET HTTP/2 www.nta.go.jp/template/img/template/headerbackground.jpg
IP 54.230.111.64:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer GlobalSign nv-sa
Subject www.nta.go.jp
Fingerprint 94:25:73:6B:BE:52:CF:C8:1F:DE:4C:DD:D6:41:9F:98:88:12:03:B6
Validity Tue, 28 Mar 2023 06:51:39 GMT - Sun, 28 Apr 2024 06:51:38 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 980x123, components 3; data
Hash 9ec081316ee20a07e125203dea3d7c68
8db3749e8ad66f86571a2ff3435d2f666b6640d1
d299b3eea8c890a7c5160a9633470c8973b6bfb19cdd4ccd38e3b78a2558a545
GET /template/img/template/headerbackground.jpg HTTP/1.1
Host: www.nta.go.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 35682
server: Apache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Mon, 06 Feb 2023 01:00:37 GMT
accept-ranges: bytes
date: Wed, 12 Apr 2023 06:44:52 GMT
etag: "8b62-5f3fd8f2a16e8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ubLR9cPQlzMg1eeJRupib-5dY_l2_87c7KaIUvlvlgX4NEw5XYRAHQ==
age: 294
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 1.4 kB URL ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 67c3d03ee93883f2fa38670341085033
a167585045f12fcc0bac77551003e083a2919343
636eb2731b6f3f687f1570ee57f29a0a76be70ceb646bf37131c6770d0c5cc2a
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 12 Apr 2023 06:49:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 16 Apr 2023 03:53:45 GMT
ETag: "a167585045f12fcc0bac77551003e083a2919343"
Last-Modified: Wed, 12 Apr 2023 03:53:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3086
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b6987f92841b4f3-OSL
xkuvzxfsbc.duckdns.org/favicon.ico
64.15.75.85 404 Not Found 2.0 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/favicon.ico
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (2415), with no line terminators
Hash c1cf5da19a8f15737587831c34ee54c6
c61e68de344ee958daf8094752ef90c6bdab6272
4a9c6f80c7a867c76e37ba4bf7f7ff68da997bf85a9cea876b1246db1626da55
Analyzer Verdict Alert
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /favicon.ico HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f; __tins__21567201=%7B%22sid%22%3A%201681282212300%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201681284012300%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Wed, 12 Apr 2023 06:49:44 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/gs_vk/public.css
64.15.75.85 200 OK 2.1 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/gs_vk/public.css
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type Unicode text, UTF-8 text, with very long lines (2168), with no line terminators
Hash 642d54a6ac70f7d584e8a31f1630c5dd
0c3ebb086e0bc0c78817d188e40ebe93a3b40d1b
a426876ea5575b3b55ce0803ea17000a986f181404ae1d0ded18361d778f1a95
Analyzer Verdict Alert
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
GET /static/gs_vk/public.css HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 09 Aug 2022 08:07:52 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/js/1.js
64.15.75.85 200 OK 4.9 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/js/1.js
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type ASCII text, with very long lines (5147), with no line terminators
Hash 6f14bd58fc8b36d2506dcaca1419badf
ad483109c63413ba98439d69ad375c4a14e10c5d
fa099c77d614234a32c77558629342631665d683a6a54c092a4098f2b99ed7a8
Analyzer Verdict Alert
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
fortinet Phishing
GET /static/js/1.js HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 11 Mar 2023 08:59:53 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/js/jquery.cookie.js
64.15.75.85 200 OK 3.1 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/js/jquery.cookie.js
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type ASCII text, with very long lines (3441), with no line terminators
Hash c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813
Analyzer Verdict Alert
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
fortinet Phishing
GET /static/js/jquery.cookie.js HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:10 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xkuvzxfsbc.duckdns.org/static/hau/jquery-1.9.1.min.js
64.15.75.85 200 OK 93 kB URL GET HTTP/2 xkuvzxfsbc.duckdns.org/static/hau/jquery-1.9.1.min.js
IP 64.15.75.85:443
Requested by https://xkuvzxfsbc.duckdns.org/
Certificate Issuer Let's Encrypt
Subject axvmrrsoor.duckdns.org
Fingerprint 7C:86:D4:E3:B0:1C:1B:77:AD:CA:81:8B:B4:23:59:4F:57:00:24:35
Validity Sat, 11 Mar 2023 06:03:01 GMT - Fri, 09 Jun 2023 06:03:00 GMT
File type ASCII text, with very long lines (32089)
Hash 397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Analyzer Verdict Alert
urlquery suspicious Suspicious - DynDNS domain
openphish National Tax Agency JAPAN
fortinet Phishing
GET /static/hau/jquery-1.9.1.min.js HTTP/1.1
Host: xkuvzxfsbc.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xkuvzxfsbc.duckdns.org/
Cookie: sessionid=66de6408b32cd4c9db7ed1f19b2cf46f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 12 Apr 2023 06:49:43 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:45:22 GMT
expires: Fri, 12 May 2023 06:49:43 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2