Report - 185.95.84.78/rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9

Report Overview

Submitted URL
185.95.84.78/rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9
IP
185.95.84.78
ASN
#51559 Netinternet Bilisim Teknolojileri AS
Submitted
2024-04-26 00:13:24
Access
public
Website Title
whoops.jpg (JPEG Image, 450 × 230 pixels)
Final URL
castlhill.com/images/whoops.jpg
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
185.95.84.78	unknown	unknown	2017-07-01	2024-03-25	1.4 kB	1.4 kB	185.95.84.78
www.zominnen.com	unknown	2020-03-10	2020-03-12	2024-04-17	618 B	314 B	216.107.136.133
castlhill.com	430106	2018-07-18	2018-10-31	2023-01-30	786 B	42 kB	159.65.99.190

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	185.95.84.78	Sinkholed
2024-04-26	medium	185.95.84.78	Sinkholed
2024-04-26	medium	185.95.84.78	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

185.95.84.78/rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9

185.95.84.78

235 B

URL
185.95.84.78/rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9
IP
185.95.84.78:0
ASN
#51559 Netinternet Bilisim Teknolojileri AS

File type
HTML document, ASCII text
Size
235 B (235 bytes)
Hash
41735c0e24be1e5bd89c1f6531207494
9eae1bfa3b43e52c21e87fabcd63a4c2a3e55554
a594b117bc9c64745935f48b866c3caa70cded9c35ee02841a28277f3e75ffe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9 HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 499
X-Ratelimit-Reset: 1714093979
Date: Fri, 26 Apr 2024 00:12:59 GMT
Content-Length: 235

185.95.84.78/t/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9

185.95.84.78

408 B

URL
185.95.84.78/t/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9
IP
185.95.84.78:0
ASN
#51559 Netinternet Bilisim Teknolojileri AS

File type
JavaScript source, ASCII text
Size
408 B (408 bytes)
Hash
05114ee67c092aeb8194c6979f765a22
8e264c2364f1391d274aa05e816ea8176423ff10
4a3a7744f114bd7696d13d009c88442ca5f2a50992c16adcf7fe2cb06642355f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /t/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9 HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.95.84.78/rd/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 498
X-Ratelimit-Reset: 1714093979
Date: Fri, 26 Apr 2024 00:13:00 GMT
Content-Length: 408

185.95.84.78/favicon.ico

185.95.84.78

0 B

URL
185.95.84.78/favicon.ico
IP
185.95.84.78:0
ASN
#51559 Netinternet Bilisim Teknolojileri AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.95.84.78/t/4uymNY11267qdRY184ucusysdinz470WVCWCEYYXCWIVZS509028QNAK2259F9
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 497
X-Ratelimit-Reset: 1714093979
Date: Fri, 26 Apr 2024 00:13:00 GMT
Content-Length: 0

www.zominnen.com/a-iKR9dPUtIsKYlZvJ5s58ppr3oUWIzYj9rD5WT5qBKPFrSRItEAGGTASaLyDdM1WTkR1lDX4Z_rMTroPyl4uQ~~/9/184-11267/470-509028-2259

216.107.136.133

302 Found

0 B

URL User Request GET HTTP/1.1
www.zominnen.com/a-iKR9dPUtIsKYlZvJ5s58ppr3oUWIzYj9rD5WT5qBKPFrSRItEAGGTASaLyDdM1WTkR1lDX4Z_rMTroPyl4uQ~~/9/184-11267/470-509028-2259
IP
216.107.136.133:443
ASN
#396356 LATITUDE-SH

Certificate
IssuerLet's Encrypt
Subjectwww.zominnen.com
Fingerprint3E:EA:21:66:F4:97:92:5E:49:3D:1B:63:58:8E:5D:FC:91:8E:F9:D9
ValidityMon, 25 Mar 2024 20:46:35 GMT - Sun, 23 Jun 2024 20:46:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a-iKR9dPUtIsKYlZvJ5s58ppr3oUWIzYj9rD5WT5qBKPFrSRItEAGGTASaLyDdM1WTkR1lDX4Z_rMTroPyl4uQ~~/9/184-11267/470-509028-2259 HTTP/1.1
Host: www.zominnen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://185.95.84.78/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 26 Apr 2024 00:13:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Server: Apache
Set-Cookie: uid8759=758888567-20240425201301-cc7e83d26390fb8922dfded98aaffd0f-; domain=zominnen.com; path=/; SameSite=None; Secure
Location: http://castlhill.com/images/whoops.jpg

castlhill.com/images/whoops.jpg

159.65.99.190

200 OK

42 kB

URL User Request GET HTTP/1.1
castlhill.com/images/whoops.jpg
IP
159.65.99.190:80
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 450x230, components 3
Size
42 kB (41589 bytes)
Hash
d36c171ac8467ff2ce82e747c9aab086
1932c5675195169bcc8d3aad6d661ce279ebb6ee
378508849997be414ca3966a65635fd15b1bc2dbf1c733634b5054739088945e

HTTP Headers

GET /images/whoops.jpg HTTP/1.1
Host: castlhill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.95.84.78/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Fri, 26 Apr 2024 00:13:02 GMT
Content-Type: image/jpeg
Content-Length: 41589
Last-Modified: Wed, 18 Jul 2018 19:50:29 GMT
Connection: keep-alive
ETag: "5b4f9a05-a275"
Accept-Ranges: bytes

castlhill.com/favicon.ico

159.65.99.190

404 Not Found

169 B

URL GET HTTP/1.1
castlhill.com/favicon.ico
IP
159.65.99.190:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://castlhill.com/images/whoops.jpg

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
ca8bba226fc38384d4e889ff1e5f0b02
8dc2ae5a396686aba485bec7815e8fc8a6e12be5
6640c51ecd2c4eb6c19c779df63efed77969da44c085c27f991ba8a40c60c914

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: castlhill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://castlhill.com/images/whoops.jpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Fri, 26 Apr 2024 00:13:03 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers