Report - numvvv.25u.com/

Report Overview

Visited public
2025-01-01 06:21:17
Tags
dyndns
URL
numvvv.25u.com/
Finishing URL
numvvv.25u.com/
IP / ASN
166.88.61.252
#9312 xTom
Title
Number
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
numvvv.25u.com	unknown	2003-06-08	2025-01-01	2025-01-01	5.2 kB	1.2 MB	166.88.61.252
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2025-01-01	952 B	7.1 kB	185.199.109.133
s11.flagcounter.com	213070	2008-01-09	2012-09-01	2024-12-28	531 B	11 kB	172.93.107.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-01 06:20:52	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:52	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:52	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:54	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:55	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain
2025-01-01 06:20:55	medium	Client IP	166.88.61.252	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	numvvv.25u.com/static/js/main.797c69b5.js	ScriptElement	308 kB	2024-12-03	2025-01-01
Pretty URL numvvv.25u.com/static/js/main.797c69b5.js IP 166.88.61.252 ASN #9312 xTom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-03 17:30 Last Seen2025-01-01 06:21 Times Seen2 Hash d16b356ec51407a5245764c0c6a205e9 8d80324691ce049432b153330e32e2a3fa5d961d 64da9aac707abe81cc35c97acb6fdd0b67e340ca5ef17e79714a0b913aa6509d Loading...

HTTP Transactions (18)

URL IP Response Size

GET numvvv.25u.com/

166.88.61.252

200 OK

462 B

URL User Request GET
numvvv.25u.com/
IP
166.88.61.252:0
ASN
#9312 xTom

File type
HTML document, ASCII text, with very long lines (824), with no line terminators
Size
462 B (462 bytes)
Hash
b4e96d44da8cafe55a202500f13f8cca
5d24c65850d960f40c0226104a1a8584e0dd76e8
d84fb6b317e4ea5813e89f346712d72fe975a9d26865a06cb4716be9041f4bdb

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET / HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:52 GMT
Content-Type: text/html
Last-Modified: Mon, 30 Dec 2024 14:01:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6772a7be-338"
Content-Encoding: gzip

GET numvvv.25u.com/static/css/main.e6c13ad2.css

166.88.61.252

200 OK

337 B

URL GET HTTP/1.1
numvvv.25u.com/static/css/main.e6c13ad2.css
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
ASCII text
Size
337 B (337 bytes)
Hash
9f6fd7b89af737fe9ff6849a58501b1b
67a4e82728379aa61bfe2f1f6e9aacd6b4f6db97
439b3301299d2f3614d9ede61bceaeb7d023f5975147e08f33d6e4ca82cfed56

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /static/css/main.e6c13ad2.css HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:52 GMT
Content-Type: text/css
Content-Length: 337
Last-Modified: Wed, 04 Dec 2024 01:02:54 GMT
Connection: keep-alive
ETag: "674faa3e-151"
Accept-Ranges: bytes

GET numvvv.25u.com/static/js/main.797c69b5.js

166.88.61.252

200 OK

308 kB

URL GET HTTP/1.1
numvvv.25u.com/static/js/main.797c69b5.js
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
308 kB (307734 bytes)
Hash
d16b356ec51407a5245764c0c6a205e9
8d80324691ce049432b153330e32e2a3fa5d961d
64da9aac707abe81cc35c97acb6fdd0b67e340ca5ef17e79714a0b913aa6509d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /static/js/main.797c69b5.js HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:52 GMT
Content-Type: application/javascript
Content-Length: 307734
Last-Modified: Wed, 04 Dec 2024 01:02:54 GMT
Connection: keep-alive
ETag: "674faa3e-4b216"
Accept-Ranges: bytes

GET raw.githubusercontent.com/lazyCloudw/nnnn/develop/src/json/data.json

185.199.109.133

200 OK

2.2 kB

URL GET HTTP/2
raw.githubusercontent.com/lazyCloudw/nnnn/develop/src/json/data.json
IP
185.199.109.133:443
ASN
#54113 FASTLY

Requested by
http://numvvv.25u.com/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JSON text data
Size
2.2 kB (2192 bytes)
Hash
e1022699d5cd7a8a7b11f1c1439a9a09
c6b57cb349dd43f92d6a0b3eca743bafce471bff
7d47aec2e6048dcbe0d9d3a4c98bddcff5f84818bc64344aee84e45771966d5c

HTTP Headers

GET /lazyCloudw/nnnn/develop/src/json/data.json HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://numvvv.25u.com/
Origin: http://numvvv.25u.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: W/"009a24f24b2cc0b22e7cf135714482e02a6bec3e61c3763641b25b974dacf947"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 33C3:23648A:62600CC:66800E1:6774DEC3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 01 Jan 2025 06:20:53 GMT
via: 1.1 varnish
x-served-by: cache-hel1410027-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1735712454.842432,VS0,VE120
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: b93e9d8ab92fbf57496e01650c12ee3b1140794d
expires: Wed, 01 Jan 2025 06:25:53 GMT
source-age: 0
content-length: 2192
X-Firefox-Spdy: h2

GET s11.flagcounter.com/count2/Bawc/bg_FFFFFF/txt_000000/border_CCCCCC/columns_2/maxflags_10/viewers_0/labels_0/pageviews_0/flags_0/percent_0/

172.93.107.85

200 OK

10 kB

URL GET
s11.flagcounter.com/count2/Bawc/bg_FFFFFF/txt_000000/border_CCCCCC/columns_2/maxflags_10/viewers_0/labels_0/pageviews_0/flags_0/percent_0/
IP
172.93.107.85:0
ASN
#23470 RELIABLESITE

Requested by
http://numvvv.25u.com/

File type
PNG image data, 162 x 137, 8-bit/color RGB, non-interlaced
Size
10 kB (10413 bytes)
Hash
947ba4b4daa11073afc84674822086ba
1f1cc19901b544987aa84f127194d333ef6d362c
1fa213f63fc4142c19bdc7fa7814eb1f462c4f6271b42918e564766306a5c47e

HTTP Headers

GET /count2/Bawc/bg_FFFFFF/txt_000000/border_CCCCCC/columns_2/maxflags_10/viewers_0/labels_0/pageviews_0/flags_0/percent_0/ HTTP/1.1
Host: s11.flagcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Jan 2025 06:20:54 GMT
Server: Apache/2.4.37 (AlmaLinux) OpenSSL/1.1.1k
Pragma: no-cache
Cache-control: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

GET numvvv.25u.com/logo192.png

166.88.61.252

404 Not Found

123 B

URL GET HTTP/1.1
numvvv.25u.com/logo192.png
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
37d5c3a24983196361e6ce9b1a499464
2dd5878df894f3c648e42408879e9a61c112d1b3
766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /logo192.png HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

GET raw.githubusercontent.com/lazyCloudw/nnnn/develop/src/json/sellData.json

185.199.109.133

200 OK

3.1 kB

URL GET HTTP/2
raw.githubusercontent.com/lazyCloudw/nnnn/develop/src/json/sellData.json
IP
185.199.109.133:443
ASN
#54113 FASTLY

Requested by
http://numvvv.25u.com/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JSON text data
Size
3.1 kB (3063 bytes)
Hash
8d44fa306e4e0f0d4128874e9e5d6a30
8f4a68cf90df866d155154a0144ad48bcc23885a
421347ae42e8556d542c018a3eb8566f37e20ac1d3a570c054f33bdf6d0b7e9d

HTTP Headers

GET /lazyCloudw/nnnn/develop/src/json/sellData.json HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://numvvv.25u.com/
Origin: http://numvvv.25u.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: W/"e45fdc7933353ec2724b257356f3f8904699fb8eed4e0f8d34da67a9705e6781"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: E8EE:23648A:62600ED:6680111:6774DEC6
content-encoding: gzip
accept-ranges: bytes
date: Wed, 01 Jan 2025 06:20:54 GMT
via: 1.1 varnish
x-served-by: cache-hel1410027-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1735712454.083660,VS0,VE126
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 29f9ed805d19d04e6e2e67d243ab56e17a8b4202
expires: Wed, 01 Jan 2025 06:25:54 GMT
source-age: 0
content-length: 3063
X-Firefox-Spdy: h2

GET numvvv.25u.com/favicon.ico

166.88.61.252

200 OK

9.7 kB

URL GET HTTP/1.1
numvvv.25u.com/favicon.ico
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Size
9.7 kB (9662 bytes)
Hash
9aa2294a45a8f0b7238601aff2ab1520
c20720eff7427d7642670653bc80b73b6a6d2e9d
ae4382149a308ccf8df88d56a01b016ef78bf3784ade51b315f6d52050ef659d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/x-icon
Content-Length: 9662
Last-Modified: Fri, 06 Dec 2024 12:06:12 GMT
Connection: keep-alive
ETag: "6752e8b4-25be"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number159.jpg

166.88.61.252

200 OK

89 kB

URL GET
numvvv.25u.com/img/number159.jpg
IP
166.88.61.252:0
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
89 kB (88646 bytes)
Hash
b158a273c484c7ca79fbe4a9e6a9f036
83858814ffaee08bdd3a4a48c8f641c9d8197ab6
bcbde3c4b06b295505130024b6fa3ee391caaa41699653dfea43096f53552e9a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number159.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 88646
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-15a46"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number152.jpg

166.88.61.252

200 OK

108 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number152.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
108 kB (108469 bytes)
Hash
d5d946fbbbabd8415c99ce6f9b9d282c
2ca9bdef2e887704479a02b80d53157033008596
c4ad0cc792329586fdd6a59772a640eddc7216854b7faf81b85871ff22b824ab

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number152.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 108469
Last-Modified: Tue, 29 Oct 2024 06:58:46 GMT
Connection: keep-alive
ETag: "672087a6-1a7b5"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number150.jpg

166.88.61.252

200 OK

60 kB

URL GET
numvvv.25u.com/img/number150.jpg
IP
166.88.61.252:0
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
60 kB (60283 bytes)
Hash
e8eb82021642729df174633f635be5ea
4edaa9978f66c37fdb27dfe6689f792aa80707d4
27f541d26bcc94d9dbab79b7f5a1cd1ac3be468d8060e7996cafd135a7890992

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number150.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 60283
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-eb7b"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number156.jpg

166.88.61.252

200 OK

68 kB

URL GET
numvvv.25u.com/img/number156.jpg
IP
166.88.61.252:0
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
68 kB (68222 bytes)
Hash
9da825d73a59efef19f5ae6820470ca1
b3d047c4d891a3a81f0461c7c716f9bf00ddf8d2
030a5166b1a138a6780cc28b7f04d61c76b51198f1b764f8c1647a70dcf22b4e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number156.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 68222
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-10a7e"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number155.jpg

166.88.61.252

200 OK

72 kB

URL GET
numvvv.25u.com/img/number155.jpg
IP
166.88.61.252:0
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
72 kB (71618 bytes)
Hash
8fc763144c638eab749ae7ee0af90504
a9122122f73f5770679f9d2ad8cd386eba0e3567
04d509ffa210cafd4825728893a87cc0251f3eb0ba544c7ab43106e098bea5fe

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number155.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 71618
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-117c2"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number154.jpg

166.88.61.252

200 OK

64 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number154.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
64 kB (63706 bytes)
Hash
d090a5bb7bb8ccc12ddd1b410db61724
83439cda03b4e8c3272ebdcba2f85c1597c1876d
5e1e571448a604d7383f093260ce958ce6885164d04b9398dce655504bd9cc77

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number154.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 63706
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-f8da"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number158.jpg

166.88.61.252

200 OK

56 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number158.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
56 kB (56543 bytes)
Hash
c55c8f83edb8242280c72ba13730ca91
03f177d85dd3540b3ee3b3f11785afba68f9444c
bf88ee34c7a1b8de7f7bdd8e28e2242037209096a3bd9d1900154cb8a753ea9e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number158.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:55 GMT
Content-Type: image/jpeg
Content-Length: 56543
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-dcdf"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number153.jpg

166.88.61.252

200 OK

61 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number153.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
61 kB (60672 bytes)
Hash
ce03f677e68bbc912710420e48c781c4
3d4fcfc0561c868e901025106ecbb5b88cc31ffe
19610e6c4b26aba0f01c024e297ebb0fbf80bf2539df4864db8a22e701f6003a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number153.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 60672
Last-Modified: Tue, 29 Oct 2024 06:58:46 GMT
Connection: keep-alive
ETag: "672087a6-ed00"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number157.jpg

166.88.61.252

200 OK

64 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number157.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
64 kB (63842 bytes)
Hash
c3f6aee43561ac5cf25b03be507885c5
7eb1db646f273be3b33ced0695d38d74d8ccbaf4
9954e39574a60159ebf855edf1f66ffb57434b8c3d30861f9aae418b9d503f71

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number157.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:55 GMT
Content-Type: image/jpeg
Content-Length: 63842
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-f962"
Accept-Ranges: bytes

GET numvvv.25u.com/img/number151.jpg

166.88.61.252

200 OK

220 kB

URL GET HTTP/1.1
numvvv.25u.com/img/number151.jpg
IP
166.88.61.252:80
ASN
#9312 xTom

Requested by
http://numvvv.25u.com/

File type
JPEG image data, baseline, precision 8, 1307x633, components 3
Size
220 kB (219968 bytes)
Hash
e7dfee57e8511fb61410ce98ef8dc634
3c192041942d02d6577122ccf8b7b7c84c6c3cfe
340e7b429eae183daaf8d384c7242938f7ec9bdd5fcd20b350459f2ee75b3155

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.25u .com Domain

HTTP Headers

GET /img/number151.jpg HTTP/1.1
Host: numvvv.25u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://numvvv.25u.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Wed, 01 Jan 2025 06:20:54 GMT
Content-Type: image/jpeg
Content-Length: 219968
Last-Modified: Wed, 04 Dec 2024 01:18:24 GMT
Connection: keep-alive
ETag: "674fade0-35b40"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash