Report - 213.154.13.208/

Report Overview

Submitted URL
213.154.13.208/
IP
213.154.13.208
ASN
#28787 Baku Telephone Communication LLC
Submitted
2024-04-23 20:30:30
Access
public
Website Title
Login
Final URL
213.154.13.208/doc/page/login.asp
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
213.154.13.208	unknown	unknown	No data	No data	7.0 kB	358 kB	213.154.13.208

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed
2024-04-23	medium	213.154.13.208	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	213.154.13.208/doc/script/jquery.cookie.js	3.8 kB	2023-03-08	2024-05-03
Pretty URL 213.154.13.208/doc/script/jquery.cookie.js IP 213.154.13.208 ASN #28787 Baku Telephone Communication LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:07:58 Last Seen2024-05-03 01:13:51 Times Seen489 Hash a479f46b2a66d5772f839cdf20c24898 dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1 087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148 Loading...

	213.154.13.208/doc/script/common.js	43 kB	2023-07-09	2024-04-23
Pretty URL 213.154.13.208/doc/script/common.js IP 213.154.13.208 ASN #28787 Baku Telephone Communication LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-09 22:11:36 Last Seen2024-04-23 22:30:36 Times Seen14 Hash b570c0d27cec497e66159924d026338a 90da62298448d4d467740efd4dced85ef7b7f1c0 5c9840f9019e4b41bad9180a8970f6c46e92997cdc940de5528056e25d3fdf32 Loading...

	213.154.13.208/doc/script/Translator.js	15 kB	2023-07-09	2024-04-29
Pretty URL 213.154.13.208/doc/script/Translator.js IP 213.154.13.208 ASN #28787 Baku Telephone Communication LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-09 22:11:36 Last Seen2024-04-29 01:25:25 Times Seen22 Hash 16c5c3c18f7958a45fe26413afe09b42 ac4121a44fcbc5f4dd61362959eee58714c7f796 6ccb1c3894c19e66da690960e8043400028a9df80cdf40fd207b986e13d8c3b5 Loading...

	unknown	11 B	2023-05-28	2024-04-29
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-28 18:31:01 Last Seen2024-04-29 01:25:25 Times Seen44 Hash b7714adab04b8e7b1e86f38df470bc93 8d79f392e78a4498f0a8d7d1a465c8792c4924ee 883f32987f93a71abdc579c95729cde6733263ef54a77790acc77018c49acb5b Loading...

	213.154.13.208/doc/script/jquery-1.7.1.min.js	94 kB	2023-03-07	2024-05-03
Pretty URL 213.154.13.208/doc/script/jquery-1.7.1.min.js IP 213.154.13.208 ASN #28787 Baku Telephone Communication LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-05-03 19:06:45 Times Seen10605 Hash ddb84c1587287b2df08966081ef063bf 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd Loading...

	213.154.13.208/doc/script/login.js	4.9 kB	2023-07-09	2024-04-23
Pretty URL 213.154.13.208/doc/script/login.js IP 213.154.13.208 ASN #28787 Baku Telephone Communication LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-09 22:11:36 Last Seen2024-04-23 22:30:36 Times Seen14 Hash 8a56fcea80966fd98222b4f830c2f3d0 943086ba0e816b7febb94ed1115a3dce00202346 8b48a2277298dec284cd5092497ebcc78c74ab14b84bf429b4b855c53ee4d3e2 Loading...

HTTP Transactions (17)

URL IP Response Size

213.154.13.208/doc/script/jquery.cookie.js

213.154.13.208

200 OK

3.8 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/jquery.cookie.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.8 kB (3752 bytes)
Hash
a479f46b2a66d5772f839cdf20c24898
dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1
087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery.cookie.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/index.asp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:20 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 3752
Content-type: application/x-javascript

213.154.13.208/doc/script/jquery-1.7.1.min.js

213.154.13.208

200 OK

94 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/jquery-1.7.1.min.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
94 kB (93868 bytes)
Hash
ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery-1.7.1.min.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/index.asp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:20 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 93868
Content-type: application/x-javascript

213.154.13.208/

213.154.13.208

7.2 kB

URL
213.154.13.208/
IP
213.154.13.208:0
ASN
#28787 Baku Telephone Communication LLC

File type
data
Size
7.2 kB (7205 bytes)
Hash
e535c6b79fb25edceabac384e8b71812
71309f9cdfd5f9185e7ce5d95e2e115dd20f21c7
324f683b772b7c903caf410e7efa2e8c537dc4beb6193fdd0c27f32bdd291e41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 302 Redirect
Server: Hikvision-Webs
Date: Wed Apr 24 01:12:19 2024
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Location: http://213.154.13.208/index.asp

213.154.13.208/doc/css/base.css

213.154.13.208

200 OK

872 B

URL GET HTTP/1.0
213.154.13.208/doc/css/base.css
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
872 B (872 bytes)
Hash
7fe4afb23191ffc45c1438372b0e37e7
90ad127a1e51e952f6db96393fc9c967524a83c6
65d93fc76130740a9a34ebb0b3fe90e2e0b38f4cbf255292ff6bbf28c4b7003a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/css/base.css HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 872
Content-type: text/css

213.154.13.208/doc/css/login.css

213.154.13.208

200 OK

1.1 kB

URL GET HTTP/1.0
213.154.13.208/doc/css/login.css
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1061 bytes)
Hash
f70c26a4637437951b7968903698320d
0935760a3316276c1aeab139f47b721a15fdd913
47fc6dbd70cdb8c0f20a7094503150fcfcfbe5159b25f724fd744aecac87bfb9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/css/login.css HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 1061
Content-type: text/css

213.154.13.208/doc/script/jquery.cookie.js

213.154.13.208

200 OK

3.8 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/jquery.cookie.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.8 kB (3752 bytes)
Hash
a479f46b2a66d5772f839cdf20c24898
dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1
087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery.cookie.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 3752
Content-type: application/x-javascript

213.154.13.208/doc/script/login.js

213.154.13.208

200 OK

4.9 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/login.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
4.9 kB (4877 bytes)
Hash
61fe42c02516e12bef404238a65978a5
15164d33365bbec98ad8d15bc91101939a6acb5d
f50819cb11e9ea87c1c42bf23edd273ef0fe29567d42a6cc961556b2c8c1f40f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/login.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 4877
Content-type: application/x-javascript

213.154.13.208/doc/script/common.js

213.154.13.208

200 OK

43 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/common.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1063), with CRLF line terminators
Size
43 kB (43105 bytes)
Hash
20843305bf773e23ad02446affbc03cc
5c72fcf67f432d6a5f876c22c1a78c53c0a5188c
8822a3a12b77a63ba531488837ea3a483a990606c04e16805cf19907d2a3eb2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/common.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 43105
Content-type: application/x-javascript

213.154.13.208/doc/script/jquery-1.7.1.min.js

213.154.13.208

200 OK

94 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/jquery-1.7.1.min.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
94 kB (93868 bytes)
Hash
ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery-1.7.1.min.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 93868
Content-type: application/x-javascript

213.154.13.208/doc/script/Translator.js

213.154.13.208

200 OK

15 kB

URL GET HTTP/1.0
213.154.13.208/doc/script/Translator.js
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
15 kB (14897 bytes)
Hash
5e3da2eaae59230410f8a0e3bd895f98
623f1673085161cfc8c8bafcfe39c271e7a5ac41
e375b60c61cd33a647b5384ab18f7ab8f3e569faffa8728e98678c13779bd85f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/Translator.js HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 14897
Content-type: application/x-javascript

213.154.13.208/doc/xml/Languages.xml

213.154.13.208

200 OK

228 B

URL GET HTTP/1.0
213.154.13.208/doc/xml/Languages.xml
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
228 B (228 bytes)
Hash
cb78fc5d4cdca485ccd4590c2da88fce
973cd2d933f74d31dd9008c960de4ea4f2797b22
c105229d12ed19789222c3936ed150a9bd63304ecaec6c78fa7c99fef789466d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/xml/Languages.xml HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:22 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 228
Content-type: text/xml

213.154.13.208/doc/images/login/input_normal.png

213.154.13.208

200 OK

4.0 kB

URL GET HTTP/1.0
213.154.13.208/doc/images/login/input_normal.png
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
PNG image data, 200 x 28, 8-bit/color RGBA, interlaced
Size
4.0 kB (4046 bytes)
Hash
18e83d6645bb1e382735a508569e8057
6d329d4cdcf26e505be0fd5ec25fedf396012d42
5babca8a7b2041dae3d2a575bfef57aa22f520b27cc11531f1494d8f54cd0c99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/images/login/input_normal.png HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/css/login.css
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:22 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 4046
Content-type: text/plain

213.154.13.208/favicon.ico

213.154.13.208

200 OK

1.2 kB

URL GET HTTP/1.0
213.154.13.208/favicon.ico
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
89b932fcc47cf4ca3faadb0cfdef89cf
bbe285bc080460c8d71e80965e993852e62d438f
7d249b2fca8ab8d5ab373444732b8bc9104ab597976640f3441ddfd70148b527

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:22 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 1150
Content-type: text/plain

213.154.13.208/doc/images/login/login_14.png

213.154.13.208

200 OK

80 kB

URL GET HTTP/1.0
213.154.13.208/doc/images/login/login_14.png
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
PNG image data, 716 x 344, 8-bit/color RGBA, non-interlaced
Size
80 kB (80144 bytes)
Hash
afb32f6ebaf4ec9a882513fc400e5d87
a139d8d20f5d419ce179b01fc822512696d81fcb
4aaf51bad5e225e09a8eb8835dcf005820ffa2c7c5f907214efbe1fd5067c3bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/images/login/login_14.png HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/css/login.css
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:22 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 80144
Content-type: text/plain

213.154.13.208/doc/xml/en/Login.xml

213.154.13.208

200 OK

854 B

URL GET HTTP/1.0
213.154.13.208/doc/xml/en/Login.xml
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

Requested by
http://213.154.13.208/doc/page/login.asp

File type
XML 1.0 document, ASCII text, with CRLF line terminators
Size
854 B (854 bytes)
Hash
1491dea09bb7fb0897823065a959bc54
8bd6134910e17a107b9a0671ce25fdaa906ddca2
5d8c60ebea2c4a3e3f5c9ae2fe395496a67c56674aa27d9ebd69ab0295b7d308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/xml/en/Login.xml HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://213.154.13.208/doc/page/login.asp
Cookie: language=en; updateTips=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:23 2024
Server: Hikvision-Webs
Last-modified: Mon Oct  8 06:43:05 2012
Content-length: 854
Content-type: text/xml

213.154.13.208/doc/page/login.asp

213.154.13.208

200 OK

2.1 kB

URL User Request GET HTTP/1.0
213.154.13.208/doc/page/login.asp
IP
213.154.13.208:80
ASN
#28787 Baku Telephone Communication LLC

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2422), with no line terminators
Size
2.1 kB (2107 bytes)
Hash
6dcb1c32ce14ea1ead23a051b639e82f
df886136c6591ac4fac42b813f30edb0e8425f2e
9737c91395cdead8e5f44572d06156cf39b43e2eac477a0912c103ee38dd6a4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/page/login.asp HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://213.154.13.208/index.asp
DNT: 1
Connection: keep-alive
Cookie: language=en; updateTips=true
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Wed Apr 24 01:12:21 2024
Server: Hikvision-Webs
Pragma: no-cache
Cache-Control: no-cache
Content-type: text/html

213.154.13.208/doc/page/login.asp

0.0.0.0

0 B

URL User Request GET
213.154.13.208/doc/page/login.asp
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/page/login.asp HTTP/1.1
Host: 213.154.13.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://213.154.13.208/index.asp
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type