Report - login-dana2024-resmi.duckdns.org/

Report Overview

Submitted URL
login-dana2024-resmi.duckdns.org/
IP
139.180.136.134
ASN
#20473 AS-CHOOPA
Submitted
2024-03-29 05:24:48
Access
public
Website Title
DANA | dana.id
Final URL
login-dana2024-resmi.duckdns.org/main.php
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-03-28	466 B	22 kB	104.18.10.207
www.dana.id	702697	2017-07-14	2018-07-06	2024-03-26	435 B	5.8 kB	23.197.207.49
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-03-29	477 B	2.8 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-29	1.7 kB	147 kB	216.58.207.227
login-dana2024-resmi.duckdns.org	unknown	unknown	No data	No data	8.1 kB	201 kB	139.180.136.134
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-03-28	1.5 kB	35 kB	151.101.1.229
code.ionicframework.com	14473	2013-09-02	2014-02-05	2024-03-28	464 B	9.5 kB	104.26.6.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA
2024-03-28	medium	login-dana2024-resmi.duckdns.org/	DANA

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	login-dana2024-resmi.duckdns.org/lib/functions/jquery.mask.min.js	8.0 kB	2023-03-07	2024-04-28
Pretty URL login-dana2024-resmi.duckdns.org/lib/functions/jquery.mask.min.js IP 139.180.136.134 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:57:10 Last Seen2024-04-28 20:10:48 Times Seen582 Hash 3c5a930556557c059672c932ee1cb6f4 210d6bbdf03eb055b3c9f4857ae39a7919298fbd d0ee3b624c75591bb550d49f508a38d0bdff62b8d8a30c59ffaf0c97a4ce494d Loading...

	login-dana2024-resmi.duckdns.org/lib/functions/function.js	751 B	2023-06-26	2024-04-28
Pretty URL login-dana2024-resmi.duckdns.org/lib/functions/function.js IP 139.180.136.134 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 01:49:46 Last Seen2024-04-28 20:10:48 Times Seen469 Hash 2a9d4437a54b47f78477d1459d62c412 2403968db940767ccf7a7e8dcc0b8362765439b4 ba311fcee8109c988cd072dbbbea6e7b0145eb603b2854b650c66050cf75280e Loading...

	login-dana2024-resmi.duckdns.org/lib/functions/jquery.min.js	87 kB	2023-03-07	2024-04-29
Pretty URL login-dana2024-resmi.duckdns.org/lib/functions/jquery.min.js IP 139.180.136.134 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-29 02:04:12 Times Seen26165 Hash 4b57cf46dc8cb95c4cca54afc85e9540 05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855 Loading...

HTTP Transactions (27)

URL IP Response Size

139.180.136.134

4.4 kB

URL
login-dana2024-resmi.duckdns.org/
IP
139.180.136.134:0
ASN
#20473 AS-CHOOPA

File type
HTML document, ASCII text, with very long lines (456)
Size
4.4 kB (4392 bytes)
Hash
2a14b13a87c42253c8f3996885073217
1e2132c01c25358ea308fe131941b90a2a47023f
84d0da3f050772623b63a7378e231a1b3f5fbe534076ec60b8bc7797dfc455da

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET / HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:23 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css

151.101.1.229

928 B

URL
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text
Size
928 B (928 bytes)
Hash
f9faba678c4d6dcfdde69e5b11b37a2e
81a434f94f2b1124f3232bb86f2944f82fb23ac0
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

HTTP Headers

GET /npm/slick-carousel@1.8.1/slick/slick-theme.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"c49-gaQ0+U8rESTzIyu4bylE+C+yOsA"
content-encoding: br
accept-ranges: bytes
date: Fri, 29 Mar 2024 05:24:24 GMT
age: 19633921
x-served-by: cache-fra-eddf8230023-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 928
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css

151.101.1.229

30 kB

URL
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65300)
Size
30 kB (30281 bytes)
Hash
6d9c6fda1e7087224431cc8068bb998f
6273ac1a23d79a122f022f6a87c5b75c2cfafc3a
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf

HTTP Headers

GET /npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://login-dana2024-resmi.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.0-beta1
x-jsd-version-type: version
etag: W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do"
content-encoding: br
accept-ranges: bytes
date: Fri, 29 Mar 2024 05:24:24 GMT
age: 17811308
x-served-by: cache-fra-etou8220113-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30281
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css

151.101.1.229

1.8 kB

URL
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text
Size
1.8 kB (1776 bytes)
Hash
f38b2db10e01b1572732a3191d538707
a94a059b3178b4adec09e3281ace2819a30095a4
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

HTTP Headers

GET /npm/slick-carousel@1.8.1/slick/slick.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
accept-ranges: bytes
date: Fri, 29 Mar 2024 05:24:24 GMT
age: 3029199
x-served-by: cache-fra-eddf8230085-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1776
X-Firefox-Spdy: h2

139.180.136.134

876 B

URL
login-dana2024-resmi.duckdns.org/lib/style/index.css
IP
139.180.136.134:0
ASN
#20473 AS-CHOOPA

File type
ASCII text
Size
876 B (876 bytes)
Hash
165d83f808e6913fe870a6ff0766e777
3672b80d18163e49fb60390094778d79c74f9e82
542138a8793d3a960071709bbe6fe6a073df656b29804a38ad9d50d43e97eb99

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/style/index.css HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:24 GMT
Server: Apache
Last-Modified: Wed, 02 Nov 2022 06:24:28 GMT
Accept-Ranges: bytes
Content-Length: 876
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

139.180.136.134

1.5 kB

URL
login-dana2024-resmi.duckdns.org/assets/img/dana_text.png
IP
139.180.136.134:0
ASN
#20473 AS-CHOOPA

File type
PNG image data, 252 x 58, 8-bit colormap, non-interlaced
Size
1.5 kB (1466 bytes)
Hash
fd841b9e9127fb1190033b5194629e01
3e0110740cfb85144a8c31836dc5d72af8545a3c
7b29d4f79db97e3b622e8e4ff6fc2cc8e12189d1b32e105fb48315b2c052c339

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/dana_text.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:24 GMT
Server: Apache
Last-Modified: Mon, 31 Oct 2022 06:38:06 GMT
Accept-Ranges: bytes
Content-Length: 1466
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css

104.26.6.173

8.5 kB

URL
code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP
104.26.6.173:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (50806)
Size
8.5 kB (8508 bytes)
Hash
1690997909aae14b023a6580d4a2f33f
a4fd9551382a3b5c9c43e14adb8c4c4149cd2352
92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

HTTP Headers

GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 05:24:24 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
access-control-allow-origin: *
etag: W/"64382bc3-c854"
expires: Tue, 26 Mar 2024 23:51:35 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-github-request-id: CE2C:362DB4:136FD0C:13AF4B2:66035D6A
via: 1.1 varnish
age: 21113
x-served-by: cache-osl6520-OSL
x-cache: HIT
x-cache-hits: 1
x-timer: S1711668751.159811,VS0,VE2
vary: Accept-Encoding
x-fastly-request-id: 57b2cecbc71a7948b1581857fafc589d71c6ae70
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcYXhHntJbbM29CxMsVZCEk8j2pFUNtMl0hjfZs50PCCHSJWPXYvCn28bfXsGPIULpZB5vuQ%2F1Qqik2kmBMcp8zSxUlnUL2v109p7kp08ao5m6T0WmDWu7lijWVVnxxD5h3x5AJqgq44"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bd6ef2dd2256cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css

104.18.10.207

21 kB

URL
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65371)
Size
21 kB (20871 bytes)
Hash
5d5357cb3704e1f43a1f5bfed2aebf42
08df9a96752852f2cbd310c30facd934e348c2c5
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

HTTP Headers

GET /bootstrap/3.3.5/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 05:24:24 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5d5357cb3704e1f43a1f5bfed2aebf42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 07/07/2023 01:09:13
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1076
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0ad4fc24207cad41168348671d66aef9
cdn-cache: HIT
cf-cache-status: HIT
age: 10724207
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 86bd6ef28b3156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.dana.id/favicon.ico

23.197.207.49

5.2 kB

URL
www.dana.id/favicon.ico
IP
23.197.207.49:0
ASN
#20940 Akamai International B.V.

File type
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Size
5.2 kB (5210 bytes)
Hash
8f1bac7ae69451bdf9c44b09577cf28c
4fe47a2d13f8b8bdf5966dc6c4e9e245b00e91c1
8cd0ee2909907b3b0f78d1fd1e7223e2ecc90069261768d98c4b8c7cbee0f9f5

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.dana.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
last-modified: Tue, 11 Apr 2023 09:54:24 GMT
etag: "64352e50-18c5f"
x-ua-compatible: IE=Edge
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-length: 5210
cache-control: public, no-transform, max-age=5739819
date: Fri, 29 Mar 2024 05:24:24 GMT
vary: Accept-Encoding
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1711689864701_398839597_29392415_55_10021_8_30_21";dur=1
X-Firefox-Spdy: h2

139.180.136.134

35 kB

URL
login-dana2024-resmi.duckdns.org/assets/img/footer.jpg
IP
139.180.136.134:0
ASN
#20473 AS-CHOOPA

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 814x167, components 3
Size
35 kB (35291 bytes)
Hash
c562bd188dc2a037a7802f007e864e75
79175aec8e6fc423994abc828524891be8f60132
d55b6db488cde763d6b9f8793537a30a9ea4238be9cf270d9b0dd47f7fe0f7ee

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/footer.jpg HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:24 GMT
Server: Apache
Last-Modified: Wed, 02 Nov 2022 05:17:24 GMT
Accept-Ranges: bytes
Content-Length: 35291
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

139.180.136.134

200 OK

2.4 kB

URL User Request GET HTTP/1.1
login-dana2024-resmi.duckdns.org/main.php
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
HTML document, ASCII text
Size
2.4 kB (2417 bytes)
Hash
cb7fb7d8fe37e5480f9a71f4d7122b83
df399e4538fe67315f0df76839288c2ddd188aff
27b2bca74fb324962f9119652dd40ad6c6458da3a986e82a7d155e929527bbbc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /main.php HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

139.180.136.134

200 OK

2.4 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/lib/style/main.css
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
ASCII text
Size
2.4 kB (2435 bytes)
Hash
fb7ecbfba8215376b4b57a896cb58c4b
79d7313443b99a7e2a677c7a072c881e8273914f
385f9789b1a2ff6a4673485b30b4c044495214755a09405d34011f2677e1f7f3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/style/main.css HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Fri, 14 Jul 2023 00:13:18 GMT
Accept-Ranges: bytes
Content-Length: 2435
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

139.180.136.134

200 OK

1.2 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/lib/style/spinner.css
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
ASCII text
Size
1.2 kB (1191 bytes)
Hash
a395b035c48b175f14215a5bf82f9fad
fb2613f099a8771589454c9250c2db89ce48c594
822ef09afb75295a7e0be229069b971e893b81a4df6996328f434cc8670a3b8c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/style/spinner.css HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Wed, 02 Nov 2022 00:00:32 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap

142.250.74.106

200 OK

2.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
gzip compressed data, max compression
Size
2.2 kB (2155 bytes)
Hash
33bafc2c13f3b4ef127c95d43fdf8cb8
850a1f0fc64ad4c4ad89eb427cef4c94fccdf5c4
76ca71d1c9d2e61c45f230184fcbb3fbf8550ec03c79a37699299afe3edc3e08

HTTP Headers

GET /css2?family=Open+Sans:wght@400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 05:24:28 GMT
date: Fri, 29 Mar 2024 05:24:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.180.136.134

200 OK

751 B

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/lib/functions/function.js
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
JavaScript source, ASCII text
Size
751 B (751 bytes)
Hash
2a9d4437a54b47f78477d1459d62c412
2403968db940767ccf7a7e8dcc0b8362765439b4
ba311fcee8109c988cd072dbbbea6e7b0145eb603b2854b650c66050cf75280e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/functions/function.js HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Fri, 14 Jul 2023 00:08:04 GMT
Accept-Ranges: bytes
Content-Length: 751
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/javascript

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://login-dana2024-resmi.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:35:00 GMT
expires: Fri, 28 Mar 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 96568
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://login-dana2024-resmi.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:35:00 GMT
expires: Fri, 28 Mar 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 96568
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://login-dana2024-resmi.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:35:00 GMT
expires: Fri, 28 Mar 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 96568
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.180.136.134

200 OK

13 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/dana_logo.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 382 x 112, 8-bit/color RGBA, interlaced
Size
13 kB (12786 bytes)
Hash
6fd5a7d18a8f7c04bc5effcdc5235987
c4852c577f44fcdf78fb439a30ea2c6c6983b140
c67e5431f9c00bb690ea8b8add63d5ca9250bf2925f2c2a691eeee498ac75853

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/dana_logo.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Mon, 31 Oct 2022 06:38:08 GMT
Accept-Ranges: bytes
Content-Length: 12786
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

8.0 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/lib/functions/jquery.mask.min.js
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
JavaScript source, ASCII text, with very long lines (551)
Size
8.0 kB (7996 bytes)
Hash
3c5a930556557c059672c932ee1cb6f4
210d6bbdf03eb055b3c9f4857ae39a7919298fbd
d0ee3b624c75591bb550d49f508a38d0bdff62b8d8a30c59ffaf0c97a4ce494d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/functions/jquery.mask.min.js HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Tue, 01 Nov 2022 14:40:26 GMT
Accept-Ranges: bytes
Content-Length: 7996
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript

139.180.136.134

200 OK

1.1 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/back.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1091 bytes)
Hash
17f283c873070f034cb9ef54a1a0c853
68850d1e164c97993dc91ed47e95ed40feaf95e2
56a3d46407a0b9246a8daf55b136656b08b23a07948e524df10bba09d94b41f5

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/back.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Mon, 31 Oct 2022 06:11:12 GMT
Accept-Ranges: bytes
Content-Length: 1091
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

741 B

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/indo.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 80 x 45, 8-bit colormap, non-interlaced
Size
741 B (741 bytes)
Hash
c15c95b8db17f44e5826bb7839278578
5be0ab5aba6201a0a3a3423f9db8008ed2385430
af52bfb0ab7606d185db1457ddc3edceb61c7fe9675e099cae3e3be1eccf152c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/indo.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 18:42:20 GMT
Accept-Ranges: bytes
Content-Length: 741
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

87 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/lib/functions/jquery.min.js
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86926 bytes)
Hash
4b57cf46dc8cb95c4cca54afc85e9540
05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /lib/functions/jquery.min.js HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Tue, 01 Nov 2022 14:40:30 GMT
Accept-Ranges: bytes
Content-Length: 86926
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript

139.180.136.134

200 OK

7.9 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/load_bg.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 300 x 300, 8-bit gray+alpha, non-interlaced
Size
7.9 kB (7863 bytes)
Hash
bf1d4a90de7e29b2be55237982cb30b4
ef942049631b598767fda52d54458b9f9680ee87
46518758f002d85cff9220609163f23b7e9f8f2721561d1e0ba79c4f17425c58

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/load_bg.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Tue, 01 Nov 2022 20:12:02 GMT
Accept-Ranges: bytes
Content-Length: 7863
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

5.1 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/load_spin.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 200 x 200, 8-bit gray+alpha, non-interlaced
Size
5.1 kB (5078 bytes)
Hash
e8e4e4432355a07040a7327673850223
b07f6cfaacb6a2093778b08dd8d9b8f7d718c119
50b4bad00572d07c6158459a5cb93b1b3f9bdea95d393aa56970afded2f58913

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/load_spin.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:28 GMT
Server: Apache
Last-Modified: Tue, 01 Nov 2022 20:12:08 GMT
Accept-Ranges: bytes
Content-Length: 5078
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

768 B

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/favicon/favicon-16x16.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
768 B (768 bytes)
Hash
9c237fdaf513b1de8a5c885cc339ab14
99605f4126631e418dd9ae9a0580e229b889f6be
98de91ef2980f306d783292453164b76a7fc9f67f4352d5c82a4827702024388

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/favicon/favicon-16x16.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:29 GMT
Server: Apache
Last-Modified: Wed, 02 Nov 2022 08:48:18 GMT
Accept-Ranges: bytes
Content-Length: 768
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

139.180.136.134

200 OK

25 kB

URL GET HTTP/1.1
login-dana2024-resmi.duckdns.org/assets/img/favicon/apple-touch-icon.png
IP
139.180.136.134:443
ASN
#20473 AS-CHOOPA

Requested by
https://login-dana2024-resmi.duckdns.org/main.php
Certificate
IssuerLet's Encrypt
Subjectwww.login-dana2024-resmi.duckdns.org
Fingerprint9B:27:53:ED:FE:13:FD:39:CE:DF:F3:70:97:18:0A:B4:4A:95:16:A0
ValidityThu, 28 Mar 2024 12:36:42 GMT - Wed, 26 Jun 2024 12:36:41 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
25 kB (25146 bytes)
Hash
7f5605d87563fde0035dda6b741020c1
34373fc74f78f5da678f82cf3261dd45aa93a665
21be7b34d93ddd125e009d7b8cd6efa0f7992bc907374ec0887a333c99d212c3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	DANA

HTTP Headers

GET /assets/img/favicon/apple-touch-icon.png HTTP/1.1
Host: login-dana2024-resmi.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-dana2024-resmi.duckdns.org/main.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 05:24:29 GMT
Server: Apache
Last-Modified: Wed, 02 Nov 2022 08:48:18 GMT
Accept-Ranges: bytes
Content-Length: 25146
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN