Report - cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0

Report Overview

Submitted URL
cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0
IP
206.189.156.69
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-04-25 17:47:25
Access
public
Website Title
oast.pro/
Final URL
oast.pro/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
5
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun	unknown	unknown	No data	No data	1.2 kB	1.3 kB	206.189.156.69
oast.pro	unknown	2022-01-11	2022-01-11	2024-04-17	706 B	1.3 kB	178.128.212.209

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 17:47:00	high	Client IP	206.189.156.69	ThreatFox Unknown malware botnet C2 traffic (ip:port - confidence level: 100%)
2024-04-25 17:47:01	low	Client IP	206.189.156.69	ET INFO Interactsh Domain (.oast .fun in TLS SNI)
2024-04-25 17:47:01	low	Client IP	206.189.156.69	ET INFO Interactsh Domain (.oast .fun in TLS SNI)
2024-04-25 17:47:02	high	Client IP	178.128.212.209	ThreatFox Unknown malware botnet C2 traffic (ip:port - confidence level: 100%)
2024-04-25 17:47:16	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0	206.189.156.69		4 B
URL cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0 IP 206.189.156.69:0 ASN #14061 DIGITALOCEAN-ASN File type ASCII text, with no line terminators Size 4 B (4 bytes) Hash 8732681521a09d4de6e426908f4d7509 331298fe0884a01b4a0a0cd3d0287fba2f1d5c1c 98da6a83ef12329caafd52da4da83ce3df395f177c0c88ebad49a0d85ee2a895 HTTP Headers GET /ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0 HTTP/1.1 Host: cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 302 Found access-control-allow-credentials: true access-control-allow-headers: Content-Type, Authorization access-control-allow-origin: * location: http://oast.pro server: oast.fun x-interactsh-version: 1.1.8 content-type: text/plain; charset=utf-8 content-length: 4 date: Thu, 25 Apr 2024 17:47:01 GMT X-Firefox-Spdy: h2`

	oast.pro/	178.128.212.209	200 OK	650 B
URL User Request GET HTTP/1.1 oast.pro/ IP 178.128.212.209:80 ASN #14061 DIGITALOCEAN-ASN File type HTML document, ASCII text Size 650 B (650 bytes) Hash 5770da91d9be117c11e614e2cf1626e2 284c1f1943d0a3d2fba5e494e2ea54b5a4b714e8 87d41126be4c4ae44c8ba07928bcd63a72aba9432be324dccc86e52bda4936bc HTTP Headers `GET / HTTP/1.1 Host: oast.pro User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.pro X-Interactsh-Version: 1.1.8 Date: Thu, 25 Apr 2024 17:47:02 GMT Content-Length: 650`

	oast.pro/favicon.ico	178.128.212.209	200 OK	39 B
URL GET HTTP/1.1 oast.pro/favicon.ico IP 178.128.212.209:80 ASN #14061 DIGITALOCEAN-ASN Requested by http://oast.pro/ File type HTML document, ASCII text, with no line terminators Size 39 B (39 bytes) Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e HTTP Headers `GET /favicon.ico HTTP/1.1 Host: oast.pro User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://oast.pro/ Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.pro X-Interactsh-Version: 1.1.8 Date: Thu, 25 Apr 2024 17:47:03 GMT Content-Length: 39`

	cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0	206.189.156.69	302 Found	650 B
URL User Request GET HTTP/2 cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun/ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0 IP 206.189.156.69:443 ASN #14061 DIGITALOCEAN-ASN Certificate IssuerLet's Encrypt Subject.oast.fun Fingerprint69:77:8B:6A:E7:C3:EF:B2:40:06:6C:FC:9A:0F:36:03:15:60:51:D6 ValidityWed, 06 Mar 2024 23:27:30 GMT - Tue, 04 Jun 2024 23:27:29 GMT File type Size 650 B (650 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ofnu.xlsx?body=ofnu&header=Location:http://oast.pro&status=302&access_token_ttl=0 HTTP/1.1 Host: cok9ur78uutig4c22nk06g4mse1syf8qu.oast.fun User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 302 Found access-control-allow-credentials: true access-control-allow-headers: Content-Type, Authorization access-control-allow-origin: location: http://oast.pro server: oast.fun x-interactsh-version: 1.1.8 content-type: text/plain; charset=utf-8 content-length: 4 date: Thu, 25 Apr 2024 17:47:01 GMT X-Firefox-Spdy: h2`