Report - 52.198.103.254/login

Report Overview

Submitted URL
52.198.103.254/login
IP
52.198.103.254
ASN
#16509 AMAZON-02
Submitted
2024-04-16 09:34:17
Access
public
Website Title
ログイン | 海事プレスONLINE
Final URL
52.198.103.254/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
52.198.103.254	unknown	unknown	No data	No data	7.7 kB	379 kB	52.198.103.254
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-15	814 B	444 B	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05	2024-04-16	579 B	578 B	172.217.21.163
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-16	873 B	164 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed
2024-04-16	medium	52.198.103.254	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-29
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-29 20:26:11 Times Seen342720 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c	251 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 11:34:23 Last Seen2024-04-16 11:34:24 Times Seen2 Hash 391e2408ca2da096163966db43c00de0 773c030405f395923eb9da7d94766fddcc29984e 9ff1c94452b67cb97e7bd7ce6a9de34c654a18f207fbf4f5654a776fbf77b754 Loading...

	52.198.103.254/js/jquery.cookie.js	3.1 kB	2023-03-07	2024-04-29
Pretty URL 52.198.103.254/js/jquery.cookie.js IP 52.198.103.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-29 07:21:50 Times Seen3156 Hash 0f1f6cd6e0036897019b376d38593403 498b29de6e170fffc8535183b7d6550490f0a159 8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69 Loading...

	52.198.103.254/js/common.js?1713260032	8.2 kB	2024-04-16	2024-04-16
Pretty URL 52.198.103.254/js/common.js?1713260032 IP 52.198.103.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 11:34:23 Last Seen2024-04-16 11:34:23 Times Seen2 Hash 3c9402120197a686fe255cf54c0bb90f bdcf99095deb3ac3dfaac910bc19108402793890 a5c58b3711aafdcadc71d8c59df452612a7322f2d5f73ff7b06914114aa4e926 Loading...

	www.googletagmanager.com/gtag/js?id=UA-146963760-1	204 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=UA-146963760-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 11:34:23 Last Seen2024-04-16 11:34:23 Times Seen2 Hash ed4abd1b4e8425377821ec52354f0451 4a6178ee0cd66623e5deb5348cb9cb6dc7e658c4 94cc67f2e9c53d6fc3717d613e3910cde657f984ad3cbce39a86e542fbd189b8 Loading...

	52.198.103.254/sandbox%20eval%20code	147 B	2023-04-11	2024-04-29
Pretty URL 52.198.103.254/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-29 20:26:11 Times Seen343221 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	52.198.103.254/js/jquery.js	96 kB	2023-03-07	2024-04-29
Pretty URL 52.198.103.254/js/jquery.js IP 52.198.103.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-29 20:09:26 Times Seen10498 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	52.198.103.254/js/easing.js	8.1 kB	2023-03-07	2024-04-16
Pretty URL 52.198.103.254/js/easing.js IP 52.198.103.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:57:29 Last Seen2024-04-16 11:34:23 Times Seen110 Hash 9dedfbd1f22121a5e8c73e7efd956783 39e3b5ae656b1845fd615042ad7dedc11465f4ae c85028b4485f3b7e91508aa9891cfeb41a8884efd87672715de3fa1ae2173948 Loading...

	52.198.103.254/login	155 B	2024-04-16	2024-04-16
Pretty URL 52.198.103.254/login IP 52.198.103.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 11:34:23 Last Seen2024-04-16 11:34:23 Times Seen1 Hash cb220bb62388630c39bcceb004c9dc92 7b0fb2bf91b0dd1e088baa3985428b0fad17347a f79e285cdc4ca1482ec037f5fcb4a1ad50ed4f77385725550eaf2e9d9fd7da1f Loading...

HTTP Transactions (23)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=UA-146963760-1

142.250.74.168

200 OK

74 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-146963760-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://52.198.103.254/login
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
74 kB (73723 bytes)
Hash
ed4abd1b4e8425377821ec52354f0451
4a6178ee0cd66623e5deb5348cb9cb6dc7e658c4
94cc67f2e9c53d6fc3717d613e3910cde657f984ad3cbce39a86e542fbd189b8

HTTP Headers

GET /gtag/js?id=UA-146963760-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 09:33:52 GMT
expires: Tue, 16 Apr 2024 09:33:52 GMT
cache-control: private, max-age=900
last-modified: Tue, 16 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73723
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

52.198.103.254/login

52.198.103.254

200 OK

17 kB

URL User Request GET HTTP/1.1
52.198.103.254/login
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
17 kB (16625 bytes)
Hash
707cddabbcd77ff4cfd9386e8ff74a4f
c6bbf8e5c524be623a5032f4d1587ccc172d9d3c
b0d1b39db0db2d4c56eaa07e440c65012eaaceccaeb790ca9c58905ba6ad4bce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
X-Powered-By: PHP/8.2.3
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: 
Cache-Control: 
Pragma: 
Set-Cookie: SSUser=cdltbemvbulqla29n1cg34jolc; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

52.198.103.254/js/common.js?1713260032

52.198.103.254

200 OK

8.2 kB

URL GET HTTP/1.1
52.198.103.254/js/common.js?1713260032
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
JavaScript source, Unicode text, UTF-8 text
Size
8.2 kB (8162 bytes)
Hash
3c9402120197a686fe255cf54c0bb90f
bdcf99095deb3ac3dfaac910bc19108402793890
a5c58b3711aafdcadc71d8c59df452612a7322f2d5f73ff7b06914114aa4e926

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/common.js?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:02:58 GMT
ETag: "1fe2-60f09e1d804f2"
Accept-Ranges: bytes
Content-Length: 8162
Connection: close
Content-Type: application/javascript

52.198.103.254/js/jquery.js

52.198.103.254

200 OK

96 kB

URL GET HTTP/1.1
52.198.103.254/js/jquery.js
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
96 kB (95957 bytes)
Hash
895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:24 GMT
ETag: "176d5-5652b061b3a00"
Accept-Ranges: bytes
Content-Length: 95957
Connection: close
Content-Type: application/javascript

52.198.103.254/css/fontawesome-all.min.css

52.198.103.254

200 OK

35 kB

URL GET HTTP/1.1
52.198.103.254/css/fontawesome-all.min.css
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
ASCII text, with very long lines (34556)
Size
35 kB (34734 bytes)
Hash
42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fontawesome-all.min.css HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:11:52 GMT
ETag: "87ae-5652b0432f200"
Accept-Ranges: bytes
Content-Length: 34734
Connection: close
Content-Type: text/css

52.198.103.254/js/easing.js

52.198.103.254

200 OK

8.1 kB

URL GET HTTP/1.1
52.198.103.254/js/easing.js
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
Unicode text, UTF-8 text
Size
8.1 kB (8098 bytes)
Hash
9dedfbd1f22121a5e8c73e7efd956783
39e3b5ae656b1845fd615042ad7dedc11465f4ae
c85028b4485f3b7e91508aa9891cfeb41a8884efd87672715de3fa1ae2173948

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/easing.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:23 GMT
ETag: "1fa2-5652b060bf7c0"
Accept-Ranges: bytes
Content-Length: 8098
Connection: close
Content-Type: application/javascript

52.198.103.254/js/jquery.cookie.js

52.198.103.254

200 OK

3.1 kB

URL GET HTTP/1.1
52.198.103.254/js/jquery.cookie.js
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
JavaScript source, ASCII text
Size
3.1 kB (3140 bytes)
Hash
0f1f6cd6e0036897019b376d38593403
498b29de6e170fffc8535183b7d6550490f0a159
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Mon, 08 Jul 2019 07:39:40 GMT
ETag: "c44-58d268bf64700"
Accept-Ranges: bytes
Content-Length: 3140
Connection: close
Content-Type: application/javascript

52.198.103.254/css/common.css?1713260032

52.198.103.254

200 OK

54 kB

URL GET HTTP/1.1
52.198.103.254/css/common.css?1713260032
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
Unicode text, UTF-8 text, with very long lines (362)
Size
54 kB (54375 bytes)
Hash
a716f1add6792686708d3a5ca026cba2
f58093716ba6c1f73439fe311487e2fe733a7cd0
9232439d8d552b61425170b52d6246f9ec76e988c8839609c64e1b3494638592

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/common.css?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:32:22 GMT
ETag: "d467-60f0a4affa066"
Accept-Ranges: bytes
Content-Length: 54375
Connection: close
Content-Type: text/css

52.198.103.254/css/lower.css?1713260032

52.198.103.254

200 OK

114 kB

URL GET HTTP/1.1
52.198.103.254/css/lower.css?1713260032
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
Unicode text, UTF-8 text
Size
114 kB (114521 bytes)
Hash
cb2692e78fb13ec933b0c779cb343cfa
3a402dd67afb340e33e77468a861b3b5185c6b61
41c6e53aab20541908591865c333f36d733a2f1b02bb07bf09553e4b728be717

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/lower.css?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Fri, 29 Sep 2023 14:42:36 GMT
ETag: "1bf59-606806f7f7309"
Accept-Ranges: bytes
Content-Length: 114521
Connection: close
Content-Type: text/css

www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c

142.250.74.168

200 OK

89 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://52.198.103.254/login
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
89 kB (88740 bytes)
Hash
391e2408ca2da096163966db43c00de0
773c030405f395923eb9da7d94766fddcc29984e
9ff1c94452b67cb97e7bd7ce6a9de34c654a18f207fbf4f5654a776fbf77b754

HTTP Headers

GET /gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 09:33:55 GMT
expires: Tue, 16 Apr 2024 09:33:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88740
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

52.198.103.254/media/images/common/modal_close.png

52.198.103.254

200 OK

1.6 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/modal_close.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1575 bytes)
Hash
66bb376e81ea206a06a0b782c24c9356
9e32a9966974f4113f2c108caa5425d425c217ed
4b8570a18b80e4ac3dda8d4df7c14c7151ba5afc24d54f04040936400eca4ca1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/modal_close.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Thu, 11 Jul 2019 05:04:24 GMT
ETag: "627-58d60ba358600"
Accept-Ranges: bytes
Content-Length: 1575
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/btn_close.png

52.198.103.254

200 OK

1.8 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/btn_close.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1757 bytes)
Hash
756ff830820a5ef4e7fed9fcdd2c6353
cd4120acaa22369d6f77566eeedd5a9708c03af4
b626e414c1f1bcfb2112a6fc38c3493e5b7e6368e99fc1dc27462d42e8bb9d15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/btn_close.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:08:20 GMT
ETag: "6dd-60f09f5087bb9"
Accept-Ranges: bytes
Content-Length: 1757
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/icon_tw.png

52.198.103.254

200 OK

2.1 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_tw.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
2.1 kB (2115 bytes)
Hash
059654af5f191228db8d183d3906158a
42c5cdafcebf26f7fda40131ad2682476ff64283
9f1789418ddfd85a9f4a7ff18de4f9a2e94bcabebb900f2e6ba2355d854b7c1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_tw.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "843-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 2115
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/hd_logo.png

52.198.103.254

200 OK

10 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/hd_logo.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 287 x 49, 8-bit/color RGB, non-interlaced
Size
10 kB (10074 bytes)
Hash
1b7e142bd58a9db35907844eacee019f
dc715998fe3affb92c4962eacb37eacf59b2d11c
49e2e1e40523576ef6769c45496010fc0565c97ff5246bd7d7717bb065bff0ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/hd_logo.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Thu, 01 Aug 2019 06:24:08 GMT
ETag: "275a-58f084a067200"
Accept-Ranges: bytes
Content-Length: 10074
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/icon_fb.png

52.198.103.254

200 OK

1.5 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_fb.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1545 bytes)
Hash
0c99b87b3e4e38dc0d7bcd617b417d1a
724f179d04a1373e31b023b7c600f155347d4d06
1c9c1df70d273c0fd83cdeb0f1be3935976296b46a87c4b16f17fc6b10b867c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_fb.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:06 GMT
ETag: "609-5652b05089180"
Accept-Ranges: bytes
Content-Length: 1545
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/icon_x.png

52.198.103.254

200 OK

4.2 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_x.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 60 x 61, 8-bit/color RGBA, non-interlaced
Size
4.2 kB (4176 bytes)
Hash
7d2e8117c746e595936ece002092a0c3
cdbae9c299dd182a7f9ecf3c7298a0c643dbab83
55079d2a89e22a8ac9e69cf7cb37f00565978fb90e725479000fc28036c9840d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_x.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Fri, 29 Sep 2023 11:02:10 GMT
ETag: "1050-6067d5b31c826"
Accept-Ranges: bytes
Content-Length: 4176
Connection: close
Content-Type: image/png

region1.analytics.google.com/g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
http://52.198.103.254/login
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://52.198.103.254
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://52.198.103.254
date: Tue, 16 Apr 2024 09:33:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

52.198.103.254/media/images/common/icon_search.png

52.198.103.254

200 OK

1.8 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_search.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 34 x 36, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1814 bytes)
Hash
553da03d3d39062211dc263eaf1bb6b5
0c849141aa44d20851f836ec391e08ad937fe3ad
ae37264ae338e115827f898ac283ad08803a3600204f22c7fd0bfaf44a956b77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_search.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "716-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1814
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/icon_line.png

52.198.103.254

200 OK

3.0 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_line.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
3.0 kB (2996 bytes)
Hash
e1e0077021a3710d10792b404f8fe282
93f7a0f98be1c0201ad03d3ea21acd2e68ab3662
c86853b206f8f16b3e2e609dfe2a9fab4e74ead7f2191256d8c3a5980db87614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_line.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:06 GMT
ETag: "bb4-5652b05089180"
Accept-Ranges: bytes
Content-Length: 2996
Connection: close
Content-Type: image/png

52.198.103.254/media/images/common/icon_registration.gif

52.198.103.254

200 OK

1.5 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_registration.gif
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
GIF image data, version 89a, 23 x 19
Size
1.5 kB (1503 bytes)
Hash
770ee0e63b71c64ae55c05222affad22
241bbca6aca2bee1d8eab3dd4c8e140056315a52
87f42e612f03e6f95ba0e3f339feb7b00dcc3dcd06c3ae01df926ac39c5745d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_registration.gif HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "5df-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: image/gif

52.198.103.254/media/images/common/icon_login.png

52.198.103.254

200 OK

1.5 kB

URL GET HTTP/1.1
52.198.103.254/media/images/common/icon_login.png
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
PNG image data, 34 x 38, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1535 bytes)
Hash
cf200889b54be291baa1633c8dfb25ad
eee7ead5338953b5500af50ee97882c96a3918d7
81e62723dbac096411cbc90c062cfa8c8f9acfd4e80eb05523f5aa9c20766253

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/images/common/icon_login.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "5ff-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1535
Connection: close
Content-Type: image/png

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123

172.217.21.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123
IP
172.217.21.163:443
ASN
#15169 GOOGLE

Requested by
http://52.198.103.254/login
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint0E:DD:25:54:7B:C3:7F:EC:27:35:B1:EC:15:C4:B7:D2:09:71:3B:68
ValidityMon, 04 Mar 2024 07:26:33 GMT - Mon, 27 May 2024 07:26:32 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Apr 2024 09:33:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

52.198.103.254/favicon.ico

52.198.103.254

200 OK

9.5 kB

URL GET HTTP/1.1
52.198.103.254/favicon.ico
IP
52.198.103.254:80
ASN
#16509 AMAZON-02

Requested by
http://52.198.103.254/login

File type
MS Windows icon resource - 1 icon, 47x48, 32 bits/pixel
Size
9.5 kB (9470 bytes)
Hash
311c784611ef4e116937464fdac4861e
705e3ff2c6dcddfb4e6959463d1e5bc889a378a6
35886e799dabee7eff0d63dca373d96debd3c9cb82fc5c33a01bfac27370b95b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc; _ga_RXGWKQ024D=GS1.1.1713260035.1.0.1713260035.60.0.0; _ga=GA1.1.1168920935.1713260036
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Thu, 26 Sep 2019 09:57:22 GMT
ETag: "24fe-59371cbb86480"
Accept-Ranges: bytes
Content-Length: 9470
Connection: close
Content-Type: image/vnd.microsoft.icon

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML