URL: User Request, GET HTTP/1.1
IP: 109.239.60.199:443
ASN: #34011 Host Europe GmbH
Certificate issuer: Starfield Technologies, Inc.
Certificate subject: *.ad-portal.de
Certificate fingerprint: B0:64:8E:6A:91:FA:99:7C:8F:6D:B0:6F:73:EE:2B:1E:89:AA:3F:45
Certificate validity: Wed, 27 Sep 2023 09:55:29 GMT - Fri, 27 Sep 2024 09:55:29 GMT
File type: HTML document, ASCII text
Hash (MD5): 568ad62f40743c81587669b2ade0ccdc
Hash (SHA-1): cc7d1cf8344d040d3386cf6af6b3c0a798915c5e
Hash (SHA-256): f98cf1269f317f6773188c6997f40633b549d6fe6f119ec5b8e342299d37a773

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /ok.sh HTTP/1.1
Host: 109.239.60.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 24 Apr 2024 20:51:27 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options: DENY
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Feature-Policy: geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none'; accelerometer 'none'; vr 'none'; speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; microphone 'none'
Location: https://109.239.60.199/ok.sh
Content-Length: 316
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
URL: User Request, GET HTTP/1.1
IP: 109.239.60.199:443
ASN: #34011 Host Europe GmbH
Certificate issuer: Starfield Technologies, Inc.
Certificate subject: *.ad-portal.de
Certificate fingerprint: B0:64:8E:6A:91:FA:99:7C:8F:6D:B0:6F:73:EE:2B:1E:89:AA:3F:45
Certificate validity: Wed, 27 Sep 2023 09:55:29 GMT - Fri, 27 Sep 2024 09:55:29 GMT
File type: HTML document, ASCII text
Hash (MD5): 5697c64a2c56891da210fa8c64748a82
Hash (SHA-1): 9f244758936978af8ac52cecceaf3231b5b827b2
Hash (SHA-256): 4a7d0ff3327d51faab8d68c4913e1d7cddeadf0db962518d3aed3497289dfe50

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /ok.sh HTTP/1.1
Host: 109.239.60.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 20:51:29 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options: DENY
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Feature-Policy: geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none'; accelerometer 'none'; vr 'none'; speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; microphone 'none'
Content-Length: 280
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
| 109.239.60.199/favicon.ico | 109.239.60.199 | 403 Forbidden | 280 B |
URL: 109.239.60.199/favicon.ico (GET HTTP/1.1)
IP: 109.239.60.199:443
ASN: #34011 Host Europe GmbH
Requested by: https://109.239.60.199/ok.sh
Certificate issuer: Starfield Technologies, Inc.
Certificate subject: *.ad-portal.de
Certificate fingerprint: B0:64:8E:6A:91:FA:99:7C:8F:6D:B0:6F:73:EE:2B:1E:89:AA:3F:45
Certificate validity: Wed, 27 Sep 2023 09:55:29 GMT - Fri, 27 Sep 2024 09:55:29 GMT
File type: HTML document, ASCII text
Hash (MD5): 5697c64a2c56891da210fa8c64748a82
Hash (SHA-1): 9f244758936978af8ac52cecceaf3231b5b827b2
Hash (SHA-256): 4a7d0ff3327d51faab8d68c4913e1d7cddeadf0db962518d3aed3497289dfe50

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 109.239.60.199
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://109.239.60.199/ok.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 20:51:29 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options: DENY
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Feature-Policy: geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none'; accelerometer 'none'; vr 'none'; speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; microphone 'none'
Content-Length: 280
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1