Report - klolamna226haja.duckdns.org/Info_help.php?/pages_recovery

Report Overview

Visited public
2023-09-26 12:39:29
Tags
dyndns
URL
klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Finishing URL
klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
IP / ASN
8.219.205.11
#45102 Alibaba US Technology Co., Ltd.
Title
Service Policy
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
klolamna226haja.duckdns.org	unknown	2013-04-12	2023-09-25 19:33:38	2023-09-26 09:41:48	2.5 kB	223 kB	8.219.205.11
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-25 18:12:03	1.7 kB	3.5 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-25 23:16:14	519 B	1.7 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-25 22:05:36	1.6 kB	98 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-26 12:39:12	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:12	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:12	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:12	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:12	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:12	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:14	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-26 12:39:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:14	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:15	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-26 12:39:15	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-26 12:39:15	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-26 12:39:15	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-26 12:39:15	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-26 12:39:15	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-26 12:39:16	medium	Client IP	8.219.205.11	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-25	medium	klolamna226haja.duckdns.org/	Facebook, Inc.
2023-09-25	medium	klolamna226haja.duckdns.org/	Facebook, Inc.
2023-09-25	medium	klolamna226haja.duckdns.org/	Facebook, Inc.
2023-09-25	medium	klolamna226haja.duckdns.org/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed
2023-09-26	medium	klolamna226haja.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec IP 8.219.205.11 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 13:19 Times Seen4636141 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (15)

URL IP Response Size

klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

8.219.205.11

200 OK

1.6 kB

URL User Request GET HTTP/1.1
klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (400), with CRLF line terminators
Size
1.6 kB (1578 bytes)
Hash
d11a453d57454db0d4d0d2c62ed165ed
d4ebee4db8dc29f72bee1ec1661c0799df2d76fe
50a904ea94307d040e791dd1a5d28f678a23e11582f9e9f380b67e6f8f2ff0ef

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /Info_help.php?/pages_recovery_disable=rec HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1578
Date: Tue, 26 Sep 2023 12:39:14 GMT
Server: LiteSpeed
Connection: Keep-Alive

klolamna226haja.duckdns.org/css/style.css?v=1303202215

8.219.205.11

200 OK

21 kB

URL GET HTTP/1.1
klolamna226haja.duckdns.org/css/style.css?v=1303202215
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

File type
ASCII text, with very long lines (20884), with CRLF line terminators
Size
21 kB (20721 bytes)
Hash
53ec7636cb7cae9a0a4961c6cfd22a77
c8b4200836da5bc800b30fc82e2b07dd1b7e4c53
310f43dcf89e7e2126985250d62f18207e0b481057279af831869128209ea884

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/style.css?v=1303202215 HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:39:14 GMT
Etag: "18554-62f8fea8-140bc3;gz"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: text/css
Content-Length: 20721
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 26 Sep 2023 12:39:14 GMT
Server: LiteSpeed
Connection: Keep-Alive

klolamna226haja.duckdns.org/css/bootstrap.min.css?v=270420211500

8.219.205.11

200 OK

24 kB

URL GET HTTP/1.1
klolamna226haja.duckdns.org/css/bootstrap.min.css?v=270420211500
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

File type
ASCII text, with very long lines (65321), with CRLF line terminators
Size
24 kB (24071 bytes)
Hash
10cc184341f423c35e86fd66db8800da
25bdcd25627b363852374aaf7cb66987ed20aa81
7760b7a07a154b900ace3b13f53360f05255e3f9332fa702cff0e01af1331694

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/bootstrap.min.css?v=270420211500 HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:39:14 GMT
Etag: "27617-62f8fea8-140bc2;gz"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: text/css
Content-Length: 24071
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 26 Sep 2023 12:39:14 GMT
Server: LiteSpeed
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ca3afb7df10c01fb4a7514ea3f1493e1
7b234d99c8683384c389995c31d4b60b65ae8c53
d2c2bf4568670b4bce7bb07cdc36f0df66139b5eef889b07519607556dab1a53

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 26 Sep 2023 12:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
gzip compressed data, max compression\012- data
Size
1.1 kB (1070 bytes)
Hash
76a5719af374aaf5d77b3a00c4be5718
efafb5c07c621e173956ec131da77bed0e8ffb04
c939f8d75337e33e51a3054524563245ea990845282b391656f75bddf0ee88a2

HTTP Headers

GET /css?family=Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 26 Sep 2023 12:39:15 GMT
date: Tue, 26 Sep 2023 12:39:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
178dd930993366d9bb01d73e2960a0c5
8b316934e079b21ca97a190c864b937c00c677a6
41a94531c3c30183ccecbebd35c18f2e201bcfd8c8184d579725bb5124971baf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 26 Sep 2023 12:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
178dd930993366d9bb01d73e2960a0c5
8b316934e079b21ca97a190c864b937c00c677a6
41a94531c3c30183ccecbebd35c18f2e201bcfd8c8184d579725bb5124971baf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 26 Sep 2023 12:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
178dd930993366d9bb01d73e2960a0c5
8b316934e079b21ca97a190c864b937c00c677a6
41a94531c3c30183ccecbebd35c18f2e201bcfd8c8184d579725bb5124971baf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 26 Sep 2023 12:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Size
35 kB (34852 bytes)
Hash
0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

HTTP Headers

GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 14:54:30 GMT
expires: Fri, 20 Sep 2024 14:54:30 GMT
cache-control: public, max-age=31536000
age: 423885
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2

216.58.207.227

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 30480, version 1.0\012- data
Size
30 kB (30480 bytes)
Hash
0e7e5f9d3a8ef121149827180b790b5c
0e9f9333078e5df9245630ff6f68ba1d9da3c403
e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30480
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 10:25:48 GMT
expires: Sat, 21 Sep 2024 10:25:48 GMT
cache-control: public, max-age=31536000
age: 353607
last-modified: Wed, 27 Apr 2022 16:04:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

216.58.207.227

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29752, version 1.0\012- data
Size
30 kB (29752 bytes)
Hash
ab1fc8621287e4ea9319a3136812cf80
fb4ed2e52e2a8d7ac50a7618a0c2ea5507a24ef3
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://klolamna226haja.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 23 Sep 2023 07:57:45 GMT
expires: Sun, 22 Sep 2024 07:57:45 GMT
cache-control: public, max-age=31536000
age: 276090
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

klolamna226haja.duckdns.org/img/sigm.jpeg

8.219.205.11

200 OK

8.0 kB

URL GET HTTP/1.1
klolamna226haja.duckdns.org/img/sigm.jpeg
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 455x468, components 3\012- data
Size
8.0 kB (8008 bytes)
Hash
12f4bd2079c4b5898b26bd39f59fcea1
fc3bc53e784471c90447f617fa71f51d291a8ef4
b4256b342b4e020cf299351736c24859aae325ec184db113199b79b03b953186

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/sigm.jpeg HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:39:15 GMT
Etag: "1f48-62f8fea8-140bd9;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/jpeg
Content-Length: 8008
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:39:15 GMT
Server: LiteSpeed
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
178dd930993366d9bb01d73e2960a0c5
8b316934e079b21ca97a190c864b937c00c677a6
41a94531c3c30183ccecbebd35c18f2e201bcfd8c8184d579725bb5124971baf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 26 Sep 2023 12:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

klolamna226haja.duckdns.org/img/martambuah.png

8.219.205.11

200 OK

112 kB

URL GET HTTP/1.1
klolamna226haja.duckdns.org/img/martambuah.png
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

File type
PNG image data, 3840 x 2160, 4-bit colormap, non-interlaced\012- data
Size
112 kB (111916 bytes)
Hash
58a703d6c348aa44fa84fa35b227aa2b
d4e8986df72129b203603eb3106214e4f9125e80
d577198130d641e753e3d89a453ffcc7650e4f40b62cd0063ab152f8e55443b0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/martambuah.png HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:39:15 GMT
Etag: "1b52c-62f8fea8-140bd4;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/png
Content-Length: 111916
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:39:15 GMT
Server: LiteSpeed
Connection: Keep-Alive

klolamna226haja.duckdns.org/img/icon.png

8.219.205.11

200 OK

55 kB

URL GET HTTP/1.1
klolamna226haja.duckdns.org/img/icon.png
IP
8.219.205.11:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec

File type
PNG image data, 1120 x 1120, 8-bit/color RGBA, non-interlaced\012- data
Size
55 kB (54897 bytes)
Hash
42514bf183be76a24b6e2423f8c68528
64c4984893cd26c1d91398609ee6432bc55de412
53357225f5e7edb5d4cc2009057a543258fb8bf11a8b17a6056b6f8e5a7370e5

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/icon.png HTTP/1.1
Host: klolamna226haja.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://klolamna226haja.duckdns.org/Info_help.php?/pages_recovery_disable=rec
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Tue, 03 Oct 2023 12:39:15 GMT
Etag: "d671-62f8fea8-140bc6;;;"
Last-Modified: Sun, 14 Aug 2022 13:54:48 GMT
Content-Type: image/png
Content-Length: 54897
Accept-Ranges: bytes
Date: Tue, 26 Sep 2023 12:39:15 GMT
Server: LiteSpeed
Connection: Keep-Alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN