Report - capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0

Report Overview

Visited public
2024-07-24 23:45:13
Tags
URL
capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
Finishing URL
capcap.chickenkiller.com/news?q=This%20link%20is%20locked!
IP / ASN
137.184.190.186
#14061 DIGITALOCEAN-ASN
Title
Fox News World RSS Feed - voluptasmqicj.explorexyz.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-24 18:12:02	2.9 kB	8.0 kB	23.33.119.27
capcap.chickenkiller.com	unknown	unknown	No data	No data	2.9 kB	5.4 kB	137.184.190.186
feeds.foxnews.com	160382	1995-06-21	2012-05-24 21:32:56	2024-04-18 14:10:59	450 B	556 B	151.101.194.132
moxie.foxnews.com	868145	1995-06-21	2022-02-24 13:15:58	2024-07-22 16:03:00	436 B	57 kB	23.44.47.206

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-24 23:44:48	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
2024-07-24 23:44:49	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
2024-07-24 23:44:51	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
2024-07-24 23:44:51	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
2024-07-24 23:44:52	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
2024-07-24 23:44:52	medium	Client IP	137.184.190.186	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-07-24	medium	chickenkiller.com	Sinkholed
2024-07-24	medium	chickenkiller.com	Sinkholed
2024-07-24	medium	chickenkiller.com	Sinkholed
2024-07-24	medium	chickenkiller.com	Sinkholed
2024-07-24	medium	chickenkiller.com	Sinkholed
2024-07-24	medium	chickenkiller.com	Sinkholed

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	capcap.chickenkiller.com/news?q=This%20link%20is%20locked!	ScriptElement	0 B	0001-01-01	2025-05-17
Pretty URL capcap.chickenkiller.com/news?q=This%20link%20is%20locked! IP 137.184.190.186 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-17 05:13 Times Seen4704003 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (17)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5cfa548b8248405466811c816fbbff3c
0668073c6de65da3719db67f576f749ed4d671b2
3da98b11157ebe81f3fcc1f827887f0dec819166d907657e6281fb296bb74656

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3DA98B11157EBE81F3FCC1F827887F0DEC819166D907657E6281FB296BB74656"
Last-Modified: Wed, 24 Jul 2024 18:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3437
Expires: Thu, 25 Jul 2024 00:42:04 GMT
Date: Wed, 24 Jul 2024 23:44:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
559312780d7c69aabb31f612abe74b95
0d0356dc28789b5b2b0164783f2c79b6b7b82f6a
20293009653baaf415bde5c2223feb0a6562281a1dfbcc6af42d844341da6d26

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20293009653BAAF415BDE5C2223FEB0A6562281A1DFBCC6AF42D844341DA6D26"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18587
Expires: Thu, 25 Jul 2024 04:54:34 GMT
Date: Wed, 24 Jul 2024 23:44:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
53c120d8bd28a824c423b6b51e6a5f07
8c8f9015ddb4e7bbd18c0b35103ff1e8a0b7d5c1
0ef528831322336534e6b28ac3db61ac793b2b52f700672aee09ee5b1c92a2c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0EF528831322336534E6B28AC3DB61AC793B2B52F700672AEE09EE5B1C92A2C7"
Last-Modified: Wed, 24 Jul 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5257
Expires: Thu, 25 Jul 2024 01:12:25 GMT
Date: Wed, 24 Jul 2024 23:44:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b1e4e1a92df74669a74711c4eaef2acc
a26f28116849cc857a0e31e3495f659e0cd36ac4
77f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD"
Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9212
Expires: Thu, 25 Jul 2024 02:18:20 GMT
Date: Wed, 24 Jul 2024 23:44:48 GMT
Connection: keep-alive

capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0

137.184.190.186

458 B

URL
capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
IP
137.184.190.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JavaScript source, ASCII text, with very long lines (398)
Size
458 B (458 bytes)
Hash
0a3e69b8b37a6df0acd7e7f5d9d3b854
680de96cfe2aff1b030bfbd4a7cfa2529993ea61
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0 HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 499
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:48 GMT
Content-Length: 458

capcap.chickenkiller.com/favicon.ico

137.184.190.186

404 Not Found

0 B

URL GET HTTP/1.1
capcap.chickenkiller.com/favicon.ico
IP
137.184.190.186:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 498
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:49 GMT
Content-Length: 0

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Thu, 25 Jul 2024 00:33:09 GMT
Date: Wed, 24 Jul 2024 23:44:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Thu, 25 Jul 2024 00:33:09 GMT
Date: Wed, 24 Jul 2024 23:44:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Thu, 25 Jul 2024 00:33:09 GMT
Date: Wed, 24 Jul 2024 23:44:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Thu, 25 Jul 2024 00:33:09 GMT
Date: Wed, 24 Jul 2024 23:44:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Thu, 25 Jul 2024 00:33:09 GMT
Date: Wed, 24 Jul 2024 23:44:49 GMT
Connection: keep-alive

capcap.chickenkiller.com/t/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0

137.184.190.186

182 B

URL
capcap.chickenkiller.com/t/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
IP
137.184.190.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JavaScript source, ASCII text
Size
182 B (182 bytes)
Hash
e06b4be56d710c6d17e246b065a39489
1833dfbd311276ee8b865d98fda7d497a77917a9
b3b13b0f84ac00011263aa2764ff4754b18a6bc422a63c45e8d22580fe253b4a

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /t/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0 HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://capcap.chickenkiller.com/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 497
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:50 GMT
Content-Length: 182

capcap.chickenkiller.com/favicon.ico

137.184.190.186

404 Not Found

0 B

URL GET HTTP/1.1
capcap.chickenkiller.com/favicon.ico
IP
137.184.190.186:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://capcap.chickenkiller.com/t/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 496
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:51 GMT
Content-Length: 0

capcap.chickenkiller.com/news?q=This%20link%20is%20locked!

137.184.190.186

200 OK

3.2 kB

URL User Request GET HTTP/1.1
capcap.chickenkiller.com/news?q=This%20link%20is%20locked!
IP
137.184.190.186:80
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text
Size
3.2 kB (3207 bytes)
Hash
b776eb60e87de9b3a8ba9ca14960f421
218f15c6ba00b70cef0900ada7ede71a2aa9576b
a9e27864f112aedf9b1a3fdb80c8cc8ba015131753104799b145c28a9030b528

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /news?q=This%20link%20is%20locked! HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://capcap.chickenkiller.com/t/index.php?search=4&d5490&bzibz=35-168&lm=0SX07YC091084&sd=9&page=riro651kpQiqGQ0
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 495
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:52 GMT
Transfer-Encoding: chunked

feeds.foxnews.com/foxnews/world

151.101.194.132

301 Moved Permanently

0 B

URL GET HTTP/2
feeds.foxnews.com/foxnews/world
IP
151.101.194.132:443
ASN
#54113 FASTLY

Requested by
http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!
Certificate
IssuerLet's Encrypt
Subject*.foxnews.com
Fingerprint96:7E:2B:43:6C:42:2F:A4:7A:83:C6:EF:62:23:70:B6:48:25:99:B9
ValiditySun, 21 Jul 2024 04:36:30 GMT - Sat, 19 Oct 2024 04:36:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /foxnews/world HTTP/1.1
Host: feeds.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://capcap.chickenkiller.com/
Origin: http://capcap.chickenkiller.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
retry-after: 0
location: https://moxie.foxnews.com/google-publisher/world.xml
accept-ranges: bytes
date: Wed, 24 Jul 2024 23:44:52 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1721864693.707648,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,POST,OPTIONS
access-control-allow-headers: *
access-control-allow-credentials: false
access-control-max-age: 86400
access-control-expose-headers: etag
content-length: 0
X-Firefox-Spdy: h2

moxie.foxnews.com/google-publisher/world.xml

23.44.47.206

200 OK

56 kB

URL GET HTTP/2
moxie.foxnews.com/google-publisher/world.xml
IP
23.44.47.206:443
ASN
#7545 TPG Telecom Limited

Requested by
http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!
Certificate
IssuerDigiCert Inc
Subjectwildcard.foxnews.com
Fingerprint92:A8:54:5C:8C:E0:75:4A:F7:00:F0:F3:11:9C:A7:9B:3F:E8:BA:BE
ValidityMon, 06 May 2024 00:00:00 GMT - Tue, 06 May 2025 23:59:59 GMT

File type
XML 1.0 document, Unicode text, UTF-8 text, with very long lines (10462)
Size
56 kB (55680 bytes)
Hash
40a6c903fbfd49d71d7ccb940020a15f
3649ed9c884fc6e134d3b8aba68b543187fb64c9
bdca6fbe5623c6a49571403b2cac7c4a14582e6f667d05d9cfdffcdf2110dc76

HTTP Headers

GET /google-publisher/world.xml HTTP/1.1
Host: moxie.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://capcap.chickenkiller.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 55680
x-robots-tag: noindex, nofollow
x-amz-cf-id: 369i0WHOq59LLHqR0bmSb2Tldn0BNW-AF9B5PzvdQbN2kZw_qqHJbw==
x-amz-cf-pop: IAD55-P5
etag: 40a6c903fbfd49d71d7ccb940020a15f
x-amzn-trace-id: Root=1-66a17bf3-139baccc63f293f172efe799;Parent=44293343e28ef28f;Sampled=0;lineage=c27b69c6:0
x-amzn-requestid: b3ceca8d-ab03-4d6b-ae68-4a84adcce285
x-amz-apigw-id: bcBOFHdjIAMEttA=
moxie-version: 1.0
moxie-uptime: 55.00ms
content-type: text/xml;charset=utf-8
content-encoding: gzip
x-debug-path: /prod/fn/google-publisher/world.xml
x-origin: prod_moxie
accept-ranges: bytes
x-served-by: cache-iad-kiad7000170-IAD, cache-iad-kiad7000170-IAD, cache-bma1646-BMA
x-cache-hits: 0, 34, 0
x-timer: S1721864693.809213,VS0,VE1
cache-control: must-revalidate, max-age=75
expires: Wed, 24 Jul 2024 23:46:07 GMT
date: Wed, 24 Jul 2024 23:44:52 GMT
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
x-forwarded-host: moxie.foxnews.com
X-Firefox-Spdy: h2

capcap.chickenkiller.com/favicon.ico

137.184.190.186

404 Not Found

0 B

URL GET HTTP/1.1
capcap.chickenkiller.com/favicon.ico
IP
137.184.190.186:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: capcap.chickenkiller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://capcap.chickenkiller.com/news?q=This%20link%20is%20locked!
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 494
X-Ratelimit-Reset: 1721868288
Date: Wed, 24 Jul 2024 23:44:52 GMT
Content-Length: 0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers