ekcrynemaurczb0zfnemecvuospuwq.duckdns.org

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 45.135.229.241, located in Manassas, United States and belongs to GHOST, LU. The main domain is ekcrynemaurczb0zfnemecvuospuwq.duckdns.org.

This is the only time ekcrynemaurczb0zfnemecvuospuwq.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.135.229.241 45.135.229.241	202422 (GHOST) (GHOST)
1 1	208.84.244.116 208.84.244.116	() ()
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba11	() ()
2	2

2 45.135.229.241 (Manassas, United States) 1 redirects

ASN202422 (GHOST, LU)
PTR: server.torresmioc.me.uk

ekcrynemaurczb0zfnemecvuospuwq.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
notaemaberto9388676236523.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.84.244.116 (None, ) 1 redirects

ASN- ()

terra.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba11 (None, )

ASN- ()

www.terra.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	terra.com.br 1 redirects terra.com.br www.terra.com.br	264 B
2	duckdns.org 1 redirects ekcrynemaurczb0zfnemecvuospuwq.duckdns.org notaemaberto9388676236523.duckdns.org	2 KB
2	2

	Domain	Requested by
1	www.terra.com.br	ekcrynemaurczb0zfnemecvuospuwq.duckdns.org
1	terra.com.br	1 redirects
1	notaemaberto9388676236523.duckdns.org	1 redirects
1	ekcrynemaurczb0zfnemecvuospuwq.duckdns.org
2	4

This site contains no links.

Subject Issuer	Validity	Valid
terra.com.br DigiCert SHA2 Secure Server CA	`2021-11-17` - `2022-11-17`	a year	crt.sh

This page contains 1 frames:

Frame: https://www.terra.com.br/
Frame ID: A26437F6B7A90E06BAE55AAF9328E1E4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

2
Requests

50 %
HTTPS

33 %
IPv6

2
Domains

4
Subdomains

2
IPs

1
Countries

1 kB
Transfer

1 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://notaemaberto9388676236523.duckdns.org/r3t9p4i/ HTTP 302
https://terra.com.br/ HTTP 301
https://www.terra.com.br/

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ekcrynemaurczb0zfnemecvuospuwq.duckdns.org/ 1 KB
1 KB 391ms
101ms Document
text/html 45.135.229.241
GHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://ekcrynemaurczb0zfnemecvuospuwq.duckdns.org/
Protocol: HTTP/1.1
Server: 45.135.229.241 Manassas, United States, ASN202422 (GHOST, LU),
Reverse DNS: server.torresmioc.me.uk
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 9282c8ec59b2c7e1208f0c6b6c48935b11dbbe5ffaad7e2f2072b2e986d8be0a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Mon, 21 Mar 2022 21:33:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
Last-Modified: Mon, 21 Mar 2022 18:47:45 GMT
ETag: "434-5dabeee95f640"
Accept-Ranges: bytes
Content-Length: 1076
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2

200

/
www.terra.com.br/
Redirect Chain

http://notaemaberto9388676236523.duckdns.org/r3t9p4i/
https://terra.com.br/
https://www.terra.com.br/

0
0

234ms
32ms

Document
text/html

2a02:26f0:6c00::210:ba11

General

Check archive.org

Show headers Download Go to

Full URL

https://www.terra.com.br/

Requested by

Host: ekcrynemaurczb0zfnemecvuospuwq.duckdns.org
URL: http://ekcrynemaurczb0zfnemecvuospuwq.duckdns.org/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba11 -, , ASN (),

Reverse DNS

Software

/

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://ekcrynemaurczb0zfnemecvuospuwq.duckdns.org/

Response headers

content-type: text/html; charset=utf-8
x-xact-uuid: 2fe1bb7a-45af-4af3-b12b-56bc123d7700
x-xact-montador-time: 1647898423
x-http-reason: OK
x-cache-profile: terra360-cover
cache-control: max-age=30, stale-if-error=3600
x-cms-delivery-uuid: 9191bea1-8673-47d1-8e19-fe4ead37c9d0
x-original-ua: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
strict-transport-security: max-age=15552000
x-mt-cache: HIT
x-frame-options: SAMEORIGIN
content-encoding: br
content-length: 31866
date: Mon, 21 Mar 2022 21:34:04 GMT

Redirect headers

date: Mon, 21 Mar 2022 21:34:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 233
x-http-reason: Moved Permanently
location: https://www.terra.com.br/
cache-control: max-age=604800
expires: Sat, 26 Mar 2022 12:08:10 GMT
x-mt-cache: HIT
x-xact-uuid: 33944b7d-d01b-4f9f-b8c8-c3e52a52cb70
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			notaemaberto9388676236523.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5mq8ocaienefcm7hbq3vuh8412

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ekcrynemaurczb0zfnemecvuospuwq.duckdns.org
notaemaberto9388676236523.duckdns.org
terra.com.br
www.terra.com.br
208.84.244.116
2a02:26f0:6c00::210:ba11
45.135.229.241
9282c8ec59b2c7e1208f0c6b6c48935b11dbbe5ffaad7e2f2072b2e986d8be0a

ekcrynemaurczb0zfnemecvuospuwq.duckdns.org Open in urlscan Pro 45.135.229.241 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

2 Requests

50 %HTTPS

33 %IPv6

2 Domains

4 Subdomains

2 IPs

1 Countries

1 kBTransfer

1 kBSize

1 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

1 Cookies

Indicators

ekcrynemaurczb0zfnemecvuospuwq.duckdns.org Open in urlscan Pro
45.135.229.241 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

33 %
IPv6

2
Domains

4
Subdomains

2
IPs

1
Countries

1 kB
Transfer

1 kB
Size

1
Cookies

2 HTTP transactions
0 data transactions