Report - jonathantwo.com

Report Overview

Submitted URL
jonathantwo.com
IP
104.21.31.124
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 16:40:46
Access
public
Website Title
HTTP Server Test Page powered by CentOS
Final URL
jonathantwo.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jonathantwo.com	unknown	2024-03-22	2024-03-22	2024-04-18	1.8 kB	60 kB	104.21.31.124
www.centos.org	257020	2003-12-04	2012-05-23	2024-04-18	421 B	8.6 kB	81.171.33.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	jonathantwo.com	Sinkholed
2024-05-10	medium	jonathantwo.com	Sinkholed
2024-05-10	medium	jonathantwo.com	Sinkholed
2024-05-10	medium	jonathantwo.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	jonathantwo.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-20
Pretty URL jonathantwo.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.31.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 21:00:58 Times Seen57840 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

HTTP Transactions (5)

URL IP Response Size

jonathantwo.com/poweredby.png

104.21.31.124

200 OK

368 B

URL GET HTTP/3
jonathantwo.com/poweredby.png
IP
104.21.31.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jonathantwo.com/
Certificate
IssuerLet's Encrypt
Subjectjonathantwo.com
Fingerprint64:BE:8C:44:88:97:7C:3C:A8:AC:30:85:1D:8E:BA:66:C7:1A:55:95
ValidityFri, 22 Mar 2024 16:20:08 GMT - Thu, 20 Jun 2024 16:20:07 GMT

File type
PNG image data, 121 x 32, 1-bit colormap, non-interlaced
Size
368 B (368 bytes)
Hash
425a3bef572ffa7e706bd7db8452c733
e28dd656984cc2894d8124c5278789c656f6a9cb
b8b4d1d77597b691918c850953b70c98fa178be28faf756a5aa0dddf8b96ab33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /poweredby.png HTTP/1.1
Host: jonathantwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jonathantwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 16:40:21 GMT
content-type: image/png
content-length: 368
last-modified: Tue, 17 Jan 2023 18:34:24 GMT
etag: "63c6ea30-170"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9qDWODuE08ybGA9eDOAAGXBZxcUOrKlCYGeR8i2joIiJXVw7hBr4kx13Y9wlS2T%2Bq1ECn9aRZLfl23OY%2BPGJQdwEl%2FoV4Nr663bbPyWQeMNq6w9L5acOSbgCRvyHsP5ty8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b5ee0df43b4fd-OSL
alt-svc: h3=":443"; ma=86400

jonathantwo.com/

104.21.31.124

200 OK

56 kB

URL User Request GET HTTP/2
jonathantwo.com/
IP
104.21.31.124:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectjonathantwo.com
Fingerprint64:BE:8C:44:88:97:7C:3C:A8:AC:30:85:1D:8E:BA:66:C7:1A:55:95
ValidityFri, 22 Mar 2024 16:20:08 GMT - Thu, 20 Jun 2024 16:20:07 GMT

File type
HTML document, ASCII text, with very long lines (64885)
Size
56 kB (55524 bytes)
Hash
54af282e76015cf5a008683e94e0abcb
49f4d9fe93c30b8a2c206364ea7cb31dc1501dc2
3b02654468410588e006ef74f689f76fc9ed6ec3df688a156c605013aa27ff57

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: jonathantwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 16:40:21 GMT
content-type: text/html
last-modified: Sun, 27 Jun 2021 23:47:13 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fd7%2BFU0IKsilJTvkGRqYr1QszlxMx38i5YBoHvL%2F6B3A2P4osyTtdvmOy8kAUQPijGIo6n3KxZtRQbiFIh6hlsViteKe5fVZmaKqjOWckoAEasw%2Bc51IuZCl5LMk5L0Vbtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b5ede18275697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.centos.org/favicon.ico

81.171.33.201

404 Not Found

8.1 kB

URL GET HTTP/1.1
www.centos.org/favicon.ico
IP
81.171.33.201:443
ASN
#34343 Eweka Internet Services B.V.

Requested by
https://jonathantwo.com/
Certificate
IssuerLet's Encrypt
Subjectcentos.org
Fingerprint3B:02:8E:21:D6:DB:EC:14:F6:AA:19:82:F8:05:65:9D:79:1A:F3:03
ValidityMon, 11 Mar 2024 06:09:04 GMT - Sun, 09 Jun 2024 06:09:03 GMT

File type
HTML document, ASCII text
Size
8.1 kB (8100 bytes)
Hash
234fee33caea89251f7281aee17d4100
9c50079ff834a185c221c647c0ebbd095a6d88c4
f22a18fd4dd4abfc988a718b6c051c704a53e7bf31243ae3d1e1a0e17b804cc7

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.centos.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jonathantwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 16:40:22 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Last-Modified: Thu, 18 Apr 2024 09:37:47 GMT
ETag: "1fa4-6165bb95cfa2e"
Accept-Ranges: bytes
Content-Length: 8100
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

jonathantwo.com/icons/poweredby.png

104.21.31.124

200 OK

643 B

URL GET HTTP/3
jonathantwo.com/icons/poweredby.png
IP
104.21.31.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jonathantwo.com/
Certificate
IssuerLet's Encrypt
Subjectjonathantwo.com
Fingerprint64:BE:8C:44:88:97:7C:3C:A8:AC:30:85:1D:8E:BA:66:C7:1A:55:95
ValidityFri, 22 Mar 2024 16:20:08 GMT - Thu, 20 Jun 2024 16:20:07 GMT

File type
PNG image data, 51 x 31, 8-bit/color RGBA, non-interlaced
Size
643 B (643 bytes)
Hash
5163fb54cb37a882dac2c56432756c5b
0a1ea24763b6c8b282c0dd762d86cd8afc3d840a
caa2afdd6daf22b5dd9c84219535687afaf1a90fb4f05adebae6ed4eed1b1a67

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /icons/poweredby.png HTTP/1.1
Host: jonathantwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jonathantwo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 16:40:21 GMT
content-type: image/png
content-length: 643
last-modified: Sun, 27 Jun 2021 23:47:13 GMT
etag: "60d90e01-283"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MBWOhqdDhlMDBhYt23DGhMhKKGOqJ%2FzWN6NrCikLRBIcqX4hs3o%2BehGgyxyGELUcAJ5nM0W2I4%2BNsnehwQ%2BDZV9hx8qCtMTkLQhv5nYVhAS1aeVmVOScIyHuhaR97irkV2M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b5ee0df3fb4fd-OSL
alt-svc: h3=":443"; ma=86400

jonathantwo.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.31.124

200 OK

1.2 kB

URL GET HTTP/3
jonathantwo.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.31.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jonathantwo.com/
Certificate
IssuerLet's Encrypt
Subjectjonathantwo.com
Fingerprint64:BE:8C:44:88:97:7C:3C:A8:AC:30:85:1D:8E:BA:66:C7:1A:55:95
ValidityFri, 22 Mar 2024 16:20:08 GMT - Thu, 20 Jun 2024 16:20:07 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: jonathantwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jonathantwo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 16:40:21 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 09:31:53 GMT
etag: W/"663b4689-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gzGPYaIqd0T575XQh%2B2%2BYq7wDLaczcXe68uISHYH5YvaYHGULwTKsH1ra3BbI3AHCpg8QTgke%2BnBc4Z2At6HWzu6L5y4e15wnESMjj5enzcb44z8v4bbm2PC7IrrvB7YrfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b5ee0df46b4fd-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 12 May 2024 16:40:21 GMT
cache-control: max-age=172800, public
content-encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash