Report - paylib-fr.ddnsking.com/index.php

Report Overview

Visited public
2023-08-09 18:24:19
Tags
dyndns
URL
paylib-fr.ddnsking.com/index.php
Finishing URL
paylib-fr.ddnsking.com/index.php
IP / ASN
164.68.104.41
#51167 Contabo GmbH
Title
Paylib
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
paylib-fr.ddnsking.com	unknown	2014-05-08	2023-08-09 15:06:44	2023-08-09 15:06:44	8.4 kB	549 kB	164.68.104.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-09 18:23:59	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:23:59	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:23:59	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:23:59	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:00	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
2023-08-09 18:24:01	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddnsking .com

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	paylib-fr.ddnsking.com/index.php	ScriptElement	0 B	0001-01-01	2025-05-21
Pretty URL paylib-fr.ddnsking.com/index.php IP 164.68.104.41 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-21 03:55 Times Seen4737215 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (18)

URL IP Response Size

paylib-fr.ddnsking.com/index.php

164.68.104.41

200 OK

1.3 kB

URL User Request GET HTTP/2
paylib-fr.ddnsking.com/index.php
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.3 kB (1340 bytes)
Hash
b0c1477eb9ca21e083164fb81e85c644
b59768e37345c2cd650390d397ac9b0a858236cc
f9d37961f1665f7628e063ebe8f80570490f5402b1235b01e52e945292ba69a4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /index.php HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:02 GMT
content-type: text/html; charset=UTF-8
content-length: 1340
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.29, PleskLin
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/logo.svg

164.68.104.41

200 OK

5.6 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/logo.svg
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5634), with no line terminators
Size
5.6 kB (5634 bytes)
Hash
2d5096823e9c3d729add6e69f8c0383b
1ecd0f07e330bd656c8bcbcc85d88662c1e7398c
40ec31b8ea8568dfb67951e811d94f31fabe1aa4a42c8e496d12e09abb1e9acf

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/logo.svg HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/svg+xml
content-length: 5634
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-1602"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/css2

164.68.104.41

200 OK

2.3 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/css2
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
ASCII text
Size
2.3 kB (2256 bytes)
Hash
4866c14e55e6dc92cf4d45b27a50a7f2
4d2b42520b8806b1719f4815bada279697fe93da
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/css2 HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: application/octet-stream
content-length: 2256
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-8d0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/ca.png

164.68.104.41

200 OK

15 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/ca.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
15 kB (14863 bytes)
Hash
4bc2a4204ac9f0cb62ab5d472d2268d5
3f544a067925285f8c5d1c6480c2a557cbaabb26
0b3ba66aab9447539ce2e024b50cfb49fd077a157b47a281fc6190622c7c37a9

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/ca.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 14863
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-3a0f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/h.png

164.68.104.41

200 OK

21 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/h.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
21 kB (21324 bytes)
Hash
34d75edc98026a5b169fb7eb3c55a1c0
605d9f5cecd2c33b883bd85abe9af59c4b720ab8
9836f31a6bcc79b1dd910c1732543478914ec09dc4b7a8604cbb56e1b8544c8d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/h.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 21324
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-534c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/poste.png

164.68.104.41

200 OK

8.1 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/poste.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
8.1 kB (8143 bytes)
Hash
500902c8e028ed722935a22dd4566729
c6de2a117dfb3d06d2c48283e466453ee780245e
84579fb18260885c0796174d4d8554c80d1e57a528c8c742546945e32c29a81b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/poste.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 8143
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-1fcf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/bnp.png

164.68.104.41

200 OK

42 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/bnp.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
42 kB (42216 bytes)
Hash
79144f0ae415034b84702c5508889114
3d5555cf18873abae6486a68f20768e7da7c85e0
1835fdab88999383fca3a18031e9fa1b907f41ca1e33edec4f467fa44736140e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/bnp.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 42216
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-a4e8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/caisse.png

164.68.104.41

200 OK

11 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/caisse.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11407 bytes)
Hash
f87dfbee29b879ab1a66626ba63908f0
72da4c92ff232a53fc1dca93dbcd3deae120aa35
bc4aba6274b86253d876723f7336864e0ca58fd8d6fb66e67a68b9f0c1e42644

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/caisse.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 11407
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-2c8f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/mutuel.png

164.68.104.41

200 OK

8.6 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/mutuel.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
8.6 kB (8605 bytes)
Hash
ee50ddf1ef09903ffb35451fef580a05
423f74717748c92f561dcb01ddf5ec5bc30dd2ac
8ac2644bc8a80402532dbf543a019117ba482053566c7247cb21e1eedd5b6664

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/mutuel.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 8605
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-219d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/cic.png

164.68.104.41

200 OK

15 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/cic.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
15 kB (14557 bytes)
Hash
48393e92fdb2cfdc2583e8ad3a16499c
3c1dea2ae6136f4f6c5926f7629744cd47edfbb8
9c1f43f66ae42e2b93cb324ce0886ba6e8422923ccf1a6d8364be33e52e0731c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/cic.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 14557
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-38dd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/lcl.png

164.68.104.41

200 OK

14 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/lcl.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
14 kB (14470 bytes)
Hash
7ba43a2469f05d8e0f85e530ad2c1cdb
1685edb18afebe2b1cf7a18ed3e6dff1a72a2545
51c5d4eb2cf78dbd18b7f844cb1020117bf76e8b4a4328a1a1623a78bb5609a0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/lcl.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 14470
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-3886"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/popu.png

164.68.104.41

200 OK

21 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/popu.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
21 kB (20956 bytes)
Hash
253189b85b37bee4ea4e7121b7d56aef
5bb91cbacde727e76dcddaad387eee5f7728b8cb
144fd96e2c896ee8f0e6ba9a931590bb6a78303f73c38616e68f82df48091be6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/popu.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 20956
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-51dc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/information.png

164.68.104.41

200 OK

20 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/information.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 256 x 256, 16-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20027 bytes)
Hash
e6041fbcb127f145c3d034a62d95719f
2bcafc64e22538ba03a64e5289c18b43586116bb
7ffebe8aef5184287c21edc3d2fd9cadb12a788a29e8d3717c40836cc7c3ec39

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/information.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 20027
last-modified: Thu, 25 May 2023 13:53:26 GMT
etag: "646f6856-4e3b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/arkea.png

164.68.104.41

200 OK

29 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/arkea.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
29 kB (28909 bytes)
Hash
54169eb27b66c52242563685404d635b
996c6acf8e649ad6a8e7324936dda8551b2a6b8d
76655779eb21d44be228165f6b915009ff0edc42568c89b93197530981ce40b0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/arkea.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 28909
last-modified: Wed, 24 May 2023 09:26:02 GMT
etag: "646dd82a-70ed"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/sg.png

164.68.104.41

200 OK

132 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/sg.png
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
132 kB (131602 bytes)
Hash
bebfae175ba8e9bbb34e8c76c2c8b05a
fbd62f7cc49c3c80f564015bf785810818724fc4
cd93d366a763b0da0c56bb55cd3e56ae63b5a3fc614fa9ffccce20a03ed84b77

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/sg.png HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: image/png
content-length: 131602
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: "646dd828-20212"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/style.css

164.68.104.41

200 OK

3.0 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/style.css
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
ASCII text, with very long lines (3269), with no line terminators
Size
3.0 kB (2951 bytes)
Hash
cf085aaa219b82fee0173b5be5165070
3b6f7e6853f201bde19de7f8b171414aaaa98e4d
9ebf279b79a39437b4776f27f55d4a89560a2671414e8d301abf9cb890eb4d0d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/style.css HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: text/css
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: W/"646dd828-b87"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/includes/bootstrap.min.css

164.68.104.41

200 OK

195 kB

URL GET HTTP/2
paylib-fr.ddnsking.com/includes/bootstrap.min.css
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type

Size
195 kB (194699 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /includes/bootstrap.min.css HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Aug 2023 18:24:03 GMT
content-type: text/css
last-modified: Wed, 24 May 2023 09:26:00 GMT
etag: W/"646dd828-2f88b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

paylib-fr.ddnsking.com/favicon.ico

164.68.104.41

404 Not Found

808 B

URL GET HTTP/2
paylib-fr.ddnsking.com/favicon.ico
IP
164.68.104.41:443
ASN
#51167 Contabo GmbH

Requested by
https://paylib-fr.ddnsking.com/index.php
Certificate
IssuerLet's Encrypt
Subjectpaylib-fr.ddnsking.com
Fingerprint5E:F4:CE:4B:FE:5C:92:C2:4A:55:9E:5E:BA:26:6E:3C:93:77:63:A3
ValidityWed, 09 Aug 2023 12:05:14 GMT - Tue, 07 Nov 2023 12:05:13 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (866), with no line terminators
Size
808 B (808 bytes)
Hash
b45bdabc5c2538b0c4e5f352bcdfb585
5a97ce87ce8d3d86a043c1a5e68e968e20a1e146
c96189c857253fcdbe13dfcbc7f919050fae21ccb7116c3078ee3c8d8d0f12c7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paylib-fr.ddnsking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paylib-fr.ddnsking.com/index.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Wed, 09 Aug 2023 18:24:04 GMT
content-type: text/html
last-modified: Tue, 08 Aug 2023 17:45:20 GMT
etag: W/"328-6026ced404b0b"
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers