usps-usa.duckdns.org/c146b89dd55f1d398da2966de1a44c2b/?token=37e01b135dee858b9ccf0f288d285afebb23da3bd39166cdb6ef6af33ccac024890d7e566c68aa83e41e5b87dd1ac22a986344055a7cd0f2357638a97ab3f5d8
143.110.232.17302 Found 0 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/c146b89dd55f1d398da2966de1a44c2b/?token=37e01b135dee858b9ccf0f288d285afebb23da3bd39166cdb6ef6af33ccac024890d7e566c68aa83e41e5b87dd1ac22a986344055a7cd0f2357638a97ab3f5d8
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /c146b89dd55f1d398da2966de1a44c2b/?token=37e01b135dee858b9ccf0f288d285afebb23da3bd39166cdb6ef6af33ccac024890d7e566c68aa83e41e5b87dd1ac22a986344055a7cd0f2357638a97ab3f5d8 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/index.php
143.110.232.17302 Found 2 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/index.php
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index.php HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 81e77f48f75fd1157dc49df034f7f013?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
143.110.232.17301 Moved Permanently 405 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f2061fe1e0f5827d60f13bcb7b50d545
6f2a61fa824d14f92f59adb414b94d0e26983131
b9471321b3bf762a93ab39329311772b89d85d2174cf97365860bb844f17ac0c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /81e77f48f75fd1157dc49df034f7f013?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Sep 2023 05:18:52 GMT
Server: Apache
Location: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Content-Length: 405
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/
143.110.232.17 2 B IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET / HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=0ee227cd50b1614b30ee41fb14c555cf; path=/
Location: d1bf2b4ec4a91e60171a455c0832cbb2?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/d1bf2b4ec4a91e60171a455c0832cbb2?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
143.110.232.17 404 B URL usps-usa.duckdns.org/d1bf2b4ec4a91e60171a455c0832cbb2?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c309b948c7115e0374301f8a0bf6e776
557d2490d5c2233601cd0e60f9b926cdaf853b7c
876423bddd077768f7e5598fc0a13fc61e0b9c6c81a2afd39b0d56f1d0ff84e8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /d1bf2b4ec4a91e60171a455c0832cbb2?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Sep 2023 05:18:53 GMT
Server: Apache
Location: http://usps-usa.duckdns.org/d1bf2b4ec4a91e60171a455c0832cbb2/?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
Content-Length: 404
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/d1bf2b4ec4a91e60171a455c0832cbb2/?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
143.110.232.17 0 B URL usps-usa.duckdns.org/d1bf2b4ec4a91e60171a455c0832cbb2/?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /d1bf2b4ec4a91e60171a455c0832cbb2/?token=ca5ffc4ffdb147edf7162448c932a70c74aa082f0047993588458a341237ac60263efdbb8b7d06c7f3194df9809cfddcbb36601daf81a93a188f90d6f41acd09 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=45aa11468168aeddc41c83db8efa4b33; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
143.110.232.17200 OK 12 kB URL User Request GET HTTP/1.1 usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- assembler source, Unicode text, UTF-8 text, with very long lines (420)
Hash 39220b0c7646a8beaccc3eb12ded39d4
50482435b2a7f30422003a90831edb4bba1e9d27
fb65bcae7e1a016f4f5292708b14863e9864323cebbedbfb8bce67b64738aa67
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 16 Sep 2023 05:18:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js
216.58.211.10200 OK 29 kB URL GET HTTP/2 maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js
IP 216.58.211.10:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT
File type ASCII text, with very long lines (1601)
Hash 2005cff13e09393e76f625c7c3e6d0b7
47d240c168d611f38c102cf2b6320ea582e69e46
50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1
GET /maps-api-v3/api/js/38/11/intl/nl_ALL/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 28568
date: Sat, 16 Sep 2023 05:18:54 GMT
expires: Sun, 15 Sep 2024 05:18:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Nov 2019 22:32:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js
216.58.211.10200 OK 54 kB URL GET HTTP/2 maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js
IP 216.58.211.10:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT
File type ASCII text, with very long lines (3412)
Hash 16b73dc0de9683fb153b38cf6b5a6e6d
22261377b57577dcd8046a8970ef5c80aefdf5dc
d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79
GET /maps-api-v3/api/js/38/11/intl/nl_ALL/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 53998
date: Sat, 16 Sep 2023 05:18:54 GMT
expires: Sun, 15 Sep 2024 05:18:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Nov 2019 22:32:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
usps-usa.duckdns.org/content/marktplaats/client.min.css
143.110.232.17404 Not Found 315 B URL GET HTTP/1.1 usps-usa.duckdns.org/content/marktplaats/client.min.css
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /content/marktplaats/client.min.css HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 16 Sep 2023 05:18:54 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/content/marktplaats/normalize.112272e5.css
143.110.232.17404 Not Found 315 B URL GET HTTP/1.1 usps-usa.duckdns.org/content/marktplaats/normalize.112272e5.css
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /content/marktplaats/normalize.112272e5.css HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 16 Sep 2023 05:18:54 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/index.php
143.110.232.17302 Found 2 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/index.php
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index.php HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c2a966c1585542c69e323d96ce87c1ff; path=/
Location: b0db981ec094cad0212aca67bdd572e1?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/b0db981ec094cad0212aca67bdd572e1?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
143.110.232.17 404 B URL usps-usa.duckdns.org/b0db981ec094cad0212aca67bdd572e1?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7482f5aad01e3cb4919950c600354bd6
1db613d4609b1dfc70787c69e6f7cfd08b3b1937
d4de89fe15e2dc898327cbad11ce74bb8ef17d872baa4ceae691c3a8e7d7e158
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /b0db981ec094cad0212aca67bdd572e1?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Sep 2023 05:18:55 GMT
Server: Apache
Location: http://usps-usa.duckdns.org/b0db981ec094cad0212aca67bdd572e1/?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
Content-Length: 404
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
devilsms.live/css/usps/main.css
199.188.200.254200 OK 30 kB URL GET HTTP/2 devilsms.live/css/usps/main.css
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type assembler source, ASCII text, with very long lines (348), with CRLF line terminators
Hash 36277e4fba035d5002b28b28b3656109
244ec24c6b302f36a3a174fc3bf225c3b906603b
877c9ecef0ce6e991b965a744c396fb8f8f3968aefa053c966b1a8e806d77c5a
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/main.css HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 23 Sep 2023 05:18:55 GMT
content-type: text/css
last-modified: Wed, 20 Oct 2021 03:52:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30024
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
usps-usa.duckdns.org/b0db981ec094cad0212aca67bdd572e1/?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
143.110.232.17 0 B URL usps-usa.duckdns.org/b0db981ec094cad0212aca67bdd572e1/?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /b0db981ec094cad0212aca67bdd572e1/?token=1cf8d4f400785e3d55357008321eb302420cf3240700453e30969c1323b4cae1034a33b37f281402ea682115164796e9cb398eb525ddc1eaf76ee985a41633b3 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=8b849216ba391df0fb5506d4f63835a3; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
devilsms.live/css/usps/Marktplaats.Sprite.svg
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Marktplaats.Sprite.svg
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Marktplaats.Sprite.svg HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/css/usps/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/css/usps/Roboto-Regular-webfont.woff2
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Regular-webfont.woff2
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Regular-webfont.woff2 HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/css/usps/Roboto-Light-webfont.woff2
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Light-webfont.woff2
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Light-webfont.woff2 HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/images/logo-mini-sb.png
143.110.232.17200 OK 24 kB URL GET HTTP/1.1 usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/images/logo-mini-sb.png
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 43707dd65a8c8ec7754b7b45fd483488
f258a5de57dfa37baf13296da6055e8f8881d742
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /81e77f48f75fd1157dc49df034f7f013/images/logo-mini-sb.png HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 16 Sep 2023 05:18:55 GMT
Server: Apache
Last-Modified: Sat, 16 Sep 2023 05:18:51 GMT
Accept-Ranges: bytes
Content-Length: 23625
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
devilsms.live/css/usps/Roboto-Regular-webfont.woff
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Regular-webfont.woff
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Regular-webfont.woff HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/css/usps/Roboto-Light-webfont.woff
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Light-webfont.woff
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Light-webfont.woff HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/css/usps/Roboto-Regular-webfont.ttf?v1
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Regular-webfont.ttf?v1
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Regular-webfont.ttf?v1 HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/css/usps/Roboto-Light-webfont.ttf?v1
199.188.200.254404 Not Found 1.2 kB URL GET HTTP/2 devilsms.live/css/usps/Roboto-Light-webfont.ttf?v1
IP 199.188.200.254:443
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerSectigo Limited
Subjectdevilsms.live
Fingerprint72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C
ValidityThu, 18 Aug 2022 00:00:00 GMT - Sat, 16 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
GET /css/usps/Roboto-Light-webfont.ttf?v1 HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usps-usa.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://devilsms.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 16 Sep 2023 05:18:55 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
usps-usa.duckdns.org/content/marktplaats/favicon-192x192.png
143.110.232.17404 Not Found 315 B URL GET HTTP/1.1 usps-usa.duckdns.org/content/marktplaats/favicon-192x192.png
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /content/marktplaats/favicon-192x192.png HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 16 Sep 2023 05:18:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/content/marktplaats/favicon.ico
143.110.232.17404 Not Found 315 B URL GET HTTP/1.1 usps-usa.duckdns.org/content/marktplaats/favicon.ico
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
GET /content/marktplaats/favicon.ico HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usps-usa.duckdns.org/81e77f48f75fd1157dc49df034f7f013/?token=e3af4f0b0bff355508e4c810cc9dbc41c9f94aec7a0da627d0eacaa7f8300c50ae33a7b2c100f08f758d4ca566e6a59bcf02742dbb2d0a0c5b1d36d81ce982ff
Cookie: PHPSESSID=4349d9f6b5a5bd302e3fa97a7aef4249
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 16 Sep 2023 05:18:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/index.php
143.110.232.17302 Found 2 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/index.php
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index.php HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=6d8dc6a43384def499740a2b327cd1b0; path=/
Location: 9b968f12bc64edf305346aa76d6a1690?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/9b968f12bc64edf305346aa76d6a1690?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
143.110.232.17 404 B URL usps-usa.duckdns.org/9b968f12bc64edf305346aa76d6a1690?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d88aaf91f7d09c54b5ddd57aa61ed4dc
00d5ab090b58f47b952095c7c8c62d1843d8a204
4675db182f7feaabc71465ca0aa5779d77af0f0480de85c5eccf20b8c559a7ef
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /9b968f12bc64edf305346aa76d6a1690?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Sep 2023 05:18:57 GMT
Server: Apache
Location: http://usps-usa.duckdns.org/9b968f12bc64edf305346aa76d6a1690/?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
Content-Length: 404
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/9b968f12bc64edf305346aa76d6a1690/?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
143.110.232.17 0 B URL usps-usa.duckdns.org/9b968f12bc64edf305346aa76d6a1690/?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /9b968f12bc64edf305346aa76d6a1690/?token=4f930c799c7c1a2fe4ac010497acf3354fcc3d6eb56cd00680d3c5976ab18287ff40776316e37eb664cdacc10d621f8e912c9242fcaf1cfd8f5be8645dc7b358 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=a96a59f0304e02c616efe24d58193264; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/index.php
143.110.232.17302 Found 2 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/index.php
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index.php HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=243a8fc9f5c357a589fb2808c2329747; path=/
Location: e00fe48ad337e14753e20981433f22d1?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/e00fe48ad337e14753e20981433f22d1?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
143.110.232.17 404 B URL usps-usa.duckdns.org/e00fe48ad337e14753e20981433f22d1?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cf29ca76209becdc909f9e949619c6a1
0dd0c940d664511eb26fd354cccdea980f67161f
8cad4a161135454b89c2efcacc7194c5f97db60e11d43b15a4f27595ffe00bcf
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /e00fe48ad337e14753e20981433f22d1?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Sep 2023 05:18:58 GMT
Server: Apache
Location: http://usps-usa.duckdns.org/e00fe48ad337e14753e20981433f22d1/?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
Content-Length: 404
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usps-usa.duckdns.org/e00fe48ad337e14753e20981433f22d1/?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
143.110.232.17 0 B URL usps-usa.duckdns.org/e00fe48ad337e14753e20981433f22d1/?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061
IP 143.110.232.17:0
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /e00fe48ad337e14753e20981433f22d1/?token=b3b76ac6191f7b94688b7f8ed69ac949412990037c4fb16e61c9399f37e3598298ba08fb93eed228f32a062da629926ce993e3d7eb1f2d6615417a8548fa0061 HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:18:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=b97c7b8230b8071bb5c6722840696469; path=/
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
usps-usa.duckdns.org/index.php
143.110.232.17302 Found 0 B URL User Request GET HTTP/1.1 usps-usa.duckdns.org/index.php
IP 143.110.232.17:443
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerLet's Encrypt
Subjectmail.usps-usa.duckdns.org
Fingerprint97:33:1A:35:4A:1D:B1:BF:91:34:2A:82:F9:02:CE:B7:C2:2E:28:DF
ValiditySat, 16 Sep 2023 01:03:42 GMT - Fri, 15 Dec 2023 01:03:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /index.php HTTP/1.1
Host: usps-usa.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 16 Sep 2023 05:19:00 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e0a63ff675b129bd071031a5b80aaa16; path=/
Location: https://www.siteground.com
Content-Length: 0
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
www.siteground.com/
34.149.40.93 0 B IP 34.149.40.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.siteground.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 16 Sep 2023 05:19:03 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://eu.siteground.com
set-cookie: PHPSESSID=35f6e1546d9890d15ccd68cd8ac07874; path=/; domain=.siteground.com; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-httpd-modphp: 1
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
x-xss-protection: 1
x-frame-options: DENY
x-server: 0, 0, 0
host-header: 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024
x-proxy-cache: MISS, MISS, MISS
x-proxy-cache-info: d302 NC:000000 UP:SKIP_CACHE_NO_CACHE, d302 NC:000000 UP:SKIP_CACHE_NO_CACHE, d302 NC:000000 UP:SKIP_CACHE_NO_CACHE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
age: 0
via: 1.1 google
X-Firefox-Spdy: h2