Report - 85.159.66.62/

Report Overview

Submitted URL
85.159.66.62/
IP
85.159.66.62
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi
Submitted
2024-04-24 14:51:34
Access
public
Website Title
Türkiye’nin Lider Domain & Hosting Markası | Natro
Final URL
85.159.66.62/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
85.159.66.62	unknown	unknown	No data	No data	981 B	25 kB	85.159.66.62
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-24	849 B	184 kB	142.250.74.168
www.natro.com	unknown	2000-03-02	2012-07-17	2024-02-25	4.8 kB	256 kB	89.19.5.50
srv.isy-teamblue.services	unknown	2023-10-11	2023-10-26	2024-02-25	410 B	14 kB	81.88.57.79
srv.motu-teamblue.services	unknown	2023-10-11	2023-10-20	2024-03-06	361 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	85.159.66.62	Sinkholed
2024-04-24	medium	85.159.66.62	Sinkholed
2024-04-24	medium	85.159.66.62	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	85.159.66.62/sandbox%20eval%20code	147 B	2023-04-11	2024-05-06
Pretty URL 85.159.66.62/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 05:11:31 Times Seen345072 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-06
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 05:11:32 Times Seen344565 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	117 B	2023-10-14	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 14:43:26 Last Seen2024-04-24 16:51:41 Times Seen6 Hash 4d12f6b6b4ab10d511b1b4addc93f53b e03d890c032b00d2a5c718b7acce33ba9e74fdb6 353121cc6bb85991bfaa20813571272fe94d6485cab28339e1dc6f26ace428ad Loading...

	unknown	418 B	2023-10-14	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 14:43:26 Last Seen2024-04-24 16:51:41 Times Seen6 Hash e41d65e27078caecdbf3c649d9306f81 c3c9b52e4181b0e8f26110e10768254a735740c0 19fa4938fb9be94c5ee1e391199843b36c084bf71f0d5b443ac18e2cf93a606c Loading...

	85.159.66.62/	0 B	2023-03-07	2024-05-06
Pretty URL 85.159.66.62/ IP 85.159.66.62 ASN #34619 Cizgi Telekomunikasyon Anonim Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:32:36 Times Seen37373165 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC	326 kB	2024-04-24	2024-04-24
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 16:51:41 Last Seen2024-04-24 16:51:42 Times Seen2 Hash 0bb8a20df7436868a06f18b3f998e95c 35c0cf868ed68fe9c256302c0541671535e3bef7 c84110ea25e042f06e067894a00241a43532afd1d49b4cfdb35c6efc210bf1da Loading...

	85.159.66.62/	0 B	2023-03-07	2024-05-06
Pretty URL 85.159.66.62/ IP 85.159.66.62 ASN #34619 Cizgi Telekomunikasyon Anonim Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:32:36 Times Seen37373165 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	85.159.66.62/	0 B	2023-03-07	2024-05-06
Pretty URL 85.159.66.62/ IP 85.159.66.62 ASN #34619 Cizgi Telekomunikasyon Anonim Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:32:36 Times Seen37373165 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	85.159.66.62/	146 B	2023-03-26	2024-04-24
Pretty URL 85.159.66.62/ IP 85.159.66.62 ASN #34619 Cizgi Telekomunikasyon Anonim Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 09:47:45 Last Seen2024-04-24 16:51:41 Times Seen11 Hash 63255db9c40febcd0658866084edc834 31855072692042a72ed5e0cd0ba0728f315e4bd7 8c4b6618802ea6c3274af30d242b8813e236beebdd9287f32543f5acdafac6f0 Loading...

	85.159.66.62/	0 B	2023-03-07	2024-05-06
Pretty URL 85.159.66.62/ IP 85.159.66.62 ASN #34619 Cizgi Telekomunikasyon Anonim Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:32:36 Times Seen37373165 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=AW-1064986870	227 kB	2024-04-24	2024-04-24
Pretty URL www.googletagmanager.com/gtag/js?id=AW-1064986870 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 16:51:41 Last Seen2024-04-24 16:51:41 Times Seen2 Hash ebcfeef562d7a1cf47c7f748e1313aee 44a26cf08d857f9def786e5f539ea3fc32a4901d 2c5146e33f31ee05ed652a572910add98190bd7ef974463bab1ca22fc5883845 Loading...

	srv.isy-teamblue.services/js/skeletor.js	32 kB	2024-04-24	2024-04-24
Pretty URL srv.isy-teamblue.services/js/skeletor.js IP 81.88.57.79 ASN #39729 Register S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 16:51:41 Last Seen2024-04-24 16:51:41 Times Seen1 Hash 1ff94a6f8189dfa371a6c7b3a0c15d96 2591617f5a9f99044b53b23bdd23b8adb23439e6 c2dca31214bf2d5291d8e3b6099541a6e01ae96129f8e425411cd95744e72007 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 143f6e01a0aa63970daa04b9dc96aeed	147 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-05 16:28:24 Times Seen1457 Hash 143f6e01a0aa63970daa04b9dc96aeed 2670b1d6a10c9e41d4dc3bc1ff7e1c3767fdc463 4570527997213e7b6f1646ca9dbb2aee54e7a767c71412960bd8f5127c11dbad Loading...

HTTP Transactions (17)

URL IP Response Size

85.159.66.62/

85.159.66.62

9.4 kB

URL User Request GET
85.159.66.62/
IP
85.159.66.62:0
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
9.4 kB (9425 bytes)
Hash
0d5c93ff7a68ecf0463b8796c508a809
71351d5ddc490b6f5b6c2aba30eddc3279b6b2a6
6668b23f0c3dcd6a8abe658b18c23cc6b319ac4dc5113a5fe84a59fbfa7f45e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 85.159.66.62
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 24 Apr 2024 14:51:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 4
X-Rate-Limit-Reset: 2024-04-24T14:51:16.6739101Z

85.159.66.62/

85.159.66.62

9.4 kB

URL User Request GET
85.159.66.62/
IP
85.159.66.62:0
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
9.4 kB (9425 bytes)
Hash
0d5c93ff7a68ecf0463b8796c508a809
71351d5ddc490b6f5b6c2aba30eddc3279b6b2a6
6668b23f0c3dcd6a8abe658b18c23cc6b319ac4dc5113a5fe84a59fbfa7f45e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 85.159.66.62
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 24 Apr 2024 14:51:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 3
X-Rate-Limit-Reset: 2024-04-24T14:51:16.6739101Z

www.googletagmanager.com/gtag/js?id=AW-1064986870

142.250.74.168

200 OK

81 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=AW-1064986870
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://85.159.66.62/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
81 kB (80986 bytes)
Hash
ebcfeef562d7a1cf47c7f748e1313aee
44a26cf08d857f9def786e5f539ea3fc32a4901d
2c5146e33f31ee05ed652a572910add98190bd7ef974463bab1ca22fc5883845

HTTP Headers

GET /gtag/js?id=AW-1064986870 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 14:51:12 GMT
expires: Wed, 24 Apr 2024 14:51:12 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80986
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.natro.com/ResourceFiles/v1/css/font-awesome.min.css

89.19.5.50

200 OK

7.3 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/css/font-awesome.min.css
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (30856), with CRLF, LF line terminators
Size
7.3 kB (7325 bytes)
Hash
67bbb2bc665857159f1268a6d566d4d6
c99d5fd4d0fc855897e80a99541d698d6c4ebce7
2d6b5f7c364e71035d7d0f9ae0a256830ec555dcba16e88168899d44cff15397

HTTP Headers

GET /ResourceFiles/v1/css/font-awesome.min.css HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 25 May 2021 10:33:40 GMT
Accept-Ranges: bytes
ETag: "363fc66d5151d71:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Cteonnt-Length: 31023
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Cache-Control: private
Content-Encoding: gzip
Content-Length: 7325

www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap-toggle.min.css

89.19.5.50

200 OK

439 B

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap-toggle.min.css
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (1179), with no line terminators
Size
439 B (439 bytes)
Hash
163f94dd94014f9384f6d50070b21ae5
29a9d209e7aa080fb8474b9bcae6f7948c1036d3
78fdb27e2ebf23c6ae88bc21484afc3cdc41f82c38e65486acb08aa3629ad56f

HTTP Headers

GET /ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap-toggle.min.css HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 10 Feb 2020 15:26:15 GMT
Accept-Ranges: bytes
ETag: "5f62ee6e26e0d51:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Cteonnt-Length: 1182
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Cache-Control: private
Content-Encoding: gzip
Content-Length: 439

www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap.min.css

89.19.5.50

200 OK

22 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap.min.css
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65368)
Size
22 kB (22199 bytes)
Hash
60bf3cdc3ee3c87791c0e1a40bf81212
a2f3aa6f03c80a9804599869e7f5be6a68a0e9b5
af93cf554f12562a14a37761679b3a6af3e247cc98d10c2c9c4c4a1911547fb8

HTTP Headers

GET /ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap.min.css HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 25 May 2021 10:37:12 GMT
Accept-Ranges: bytes
ETag: "af8df4eb5151d71:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Cteonnt-Length: 121224
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Cache-Control: private
Content-Encoding: gzip
Transfer-Encoding: chunked

www.natro.com/ResourceFiles/v1/bundle/css/bundle_header1.css?ver=99fa2324-0b89-5394-4362-019569131911

89.19.5.50

200 OK

39 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/bundle/css/bundle_header1.css?ver=99fa2324-0b89-5394-4362-019569131911
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
39 kB (38771 bytes)
Hash
1189b2c51f530439d3bc621fb148d0a9
6228befa00c0faf71a585bddb7639d43c7ea05ab
1990692e5cc2706b8293a46ecbe9392160d8ce06a8e605471f79ec6545d11971

HTTP Headers

GET /ResourceFiles/v1/bundle/css/bundle_header1.css?ver=99fa2324-0b89-5394-4362-019569131911 HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 16 Feb 2022 09:23:34 GMT
Accept-Ranges: bytes
ETag: "0afb3de1623d81:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
ntCoent-Length: 195089
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Cache-Control: private
Content-Encoding: gzip
Transfer-Encoding: chunked

www.natro.com/ResourceFiles/v1/plugins/jquery-fancybox/jquery.fancybox.min.css

89.19.5.50

200 OK

41 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/plugins/jquery-fancybox/jquery.fancybox.min.css
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65052), with no line terminators
Size
41 kB (40648 bytes)
Hash
a30be39630a077196f0a27ededa424c5
ac3f8d1c09d725de821bed9b40d43b697aaa025b
0e944746ef9c09ee8a8b94d43e75ad6c79d056da2be1beb1a2f0ef1ea51883e9

HTTP Headers

GET /ResourceFiles/v1/plugins/jquery-fancybox/jquery.fancybox.min.css HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 10 Feb 2020 15:24:02 GMT
Accept-Ranges: bytes
ETag: "5cd98c1f26e0d51:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Cteonnt-Length: 65055
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Cache-Control: private
Content-Encoding: gzip
Transfer-Encoding: chunked

www.natro.com/ResourceFiles/v1/images/header/logo_natro.com.png

89.19.5.50

200 OK

2.7 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/images/header/logo_natro.com.png
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
PNG image data, 185 x 40, 8-bit/color RGBA, non-interlaced
Size
2.7 kB (2734 bytes)
Hash
b679ca68fc5fb9af27b2dc647fcec133
149a57649c13b04293d87630f3c8a662a2d376b5
49339d2dfb3d62104a8863b56e31cb5d8dbea54185e189b9ed031697712265d5

HTTP Headers

GET /ResourceFiles/v1/images/header/logo_natro.com.png HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 24 Jan 2017 13:44:38 GMT
Accept-Ranges: bytes
ETag: "0a76014876d21:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Content-Length: 2734

www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

142.250.74.168

200 OK

102 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://85.159.66.62/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (40051)
Size
102 kB (102064 bytes)
Hash
0bb8a20df7436868a06f18b3f998e95c
35c0cf868ed68fe9c256302c0541671535e3bef7
c84110ea25e042f06e067894a00241a43532afd1d49b4cfdb35c6efc210bf1da

HTTP Headers

GET /gtm.js?id=GTM-P4KC6PC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 14:51:12 GMT
expires: Wed, 24 Apr 2024 14:51:12 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102064
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.natro.com/ResourceFiles/v1/images/expired-domain/700x150.png

89.19.5.50

200 OK

74 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/images/expired-domain/700x150.png
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
PNG image data, 700 x 150, 8-bit/color RGBA, non-interlaced
Size
74 kB (74342 bytes)
Hash
679527f7191169927d08af5854afc018
5576847d7c021841c023ddc241c57ddb04c1d316
e33045b69b0e9b3c2f8c444b0b78f72b52778e11645298fe6746a25345a9b493

HTTP Headers

GET /ResourceFiles/v1/images/expired-domain/700x150.png HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 03 Mar 2023 12:08:24 GMT
Accept-Ranges: bytes
ETag: "0ec92dac84dd91:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Content-Length: 74342

www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Regular.woff2

89.19.5.50

200 OK

21 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Regular.woff2
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21076, version 2.0
Size
21 kB (21076 bytes)
Hash
9723add759ca860091c4960e567bd1fa
4205abd79bc0d48a846b267000d47244aa3c7b12
295cb97c01dd59dfbcc57e98444ff5e28b75308faf3d20c161ec82ea57d1ec28

HTTP Headers

GET /ResourceFiles/v1/css/fonts/Roboto-Regular.woff2 HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://85.159.66.62
DNT: 1
Connection: keep-alive
Referer: https://www.natro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Fri, 27 Jan 2017 12:23:52 GMT
Accept-Ranges: bytes
ETag: "0fc2c389878d21:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Content-Length: 21076

www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Light.woff2

89.19.5.50

200 OK

21 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Light.woff2
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21008, version 2.0
Size
21 kB (21008 bytes)
Hash
07b858873616050922721306d9e8e873
5c3c9a7245159be857daaec5882124a29a64c45b
63a115e647cca99dcf0887aac0e1f0f7e8d765531acb8f88fc5a21442860f995

HTTP Headers

GET /ResourceFiles/v1/css/fonts/Roboto-Light.woff2 HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://85.159.66.62
DNT: 1
Connection: keep-alive
Referer: https://www.natro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Fri, 27 Jan 2017 12:23:38 GMT
Accept-Ranges: bytes
ETag: "0c1d42f9878d21:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Content-Length: 21008

www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Bold.woff2

89.19.5.50

200 OK

21 kB

URL GET HTTP/1.1
www.natro.com/ResourceFiles/v1/css/fonts/Roboto-Bold.woff2
IP
89.19.5.50:443
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subjectwww.natro.com
FingerprintEA:FB:FF:E6:59:B8:15:2B:59:AF:57:99:99:52:46:65:D3:54:1B:13
ValidityWed, 10 May 2023 00:00:00 GMT - Wed, 08 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21128, version 2.0
Size
21 kB (21128 bytes)
Hash
ee2d38a5b6c3b01a480f7034f88a9877
5f27a71a6b2e77115b4c454be3898bbdbb69f4e3
d09d61c18d173cbb7aa6b2e6e72cfc28efc572206ed82b42c8e1aa2655b98912

HTTP Headers

GET /ResourceFiles/v1/css/fonts/Roboto-Bold.woff2 HTTP/1.1
Host: www.natro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://85.159.66.62
DNT: 1
Connection: keep-alive
Referer: https://www.natro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Fri, 27 Jan 2017 12:24:10 GMT
Accept-Ranges: bytes
ETag: "091e7429878d21:0"
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
Date: Wed, 24 Apr 2024 14:51:12 GMT
Content-Length: 21128

85.159.66.62/favicon.ico

85.159.66.62

200 OK

5.4 kB

URL GET HTTP/1.1
85.159.66.62/favicon.ico
IP
85.159.66.62:80
ASN
#34619 Cizgi Telekomunikasyon Anonim Sirketi

Requested by
http://85.159.66.62/

File type
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
9200225b96881264e6481c77d69c622c
27608d84e28f926b740038252240f715eeb9d2bd
26dc5ff4bfb9213291735808465e156d4a4691135f3815e3613761243e1f69c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 85.159.66.62
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 24 Apr 2024 14:51:13 GMT
Content-Type: image/x-icon
Content-Length: 5430
Last-Modified: Thu, 13 Oct 2022 18:04:50 GMT
Accept-Ranges: bytes
ETag: "1d8df2e4960d836"

srv.isy-teamblue.services/js/skeletor.js

81.88.57.79

200 OK

14 kB

URL GET HTTP/1.1
srv.isy-teamblue.services/js/skeletor.js
IP
81.88.57.79:443
ASN
#39729 Register S.p.A.

Requested by
http://85.159.66.62/
Certificate
IssuerSectigo Limited
Subject*.isy-teamblue.services
Fingerprint65:18:C6:32:52:19:DB:2D:57:DA:ED:6D:57:C6:91:69:D0:2F:F2:2B
ValidityWed, 18 Oct 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32003), with no line terminators
Size
14 kB (13738 bytes)
Hash
915f9604e367779c253b8c7f4b4082fc
33bd6ea8bf011d2b0ec9d62d857547b5cb8f6216
6648a144e770b30c045c5b7f5b0db2519a368f9f5b2743d070f757851f58917d

HTTP Headers

GET /js/skeletor.js HTTP/1.1
Host: srv.isy-teamblue.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 14:51:13 GMT
Content-Type: application/javascript
Last-Modified: Tue, 23 Apr 2024 14:47:23 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"6627c9fb-7d04"
Expires: Tue, 23 Apr 2024 14:51:13 GMT
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Encoding: gzip

srv.motu-teamblue.services/js/he-man_all.min.js?v=2.1.40&ma=ma_enabled

0.0.0.0

0 B

URL GET
srv.motu-teamblue.services/js/he-man_all.min.js?v=2.1.40&ma=ma_enabled
IP
0.0.0.0:0
ASN
#0

Requested by
http://85.159.66.62/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/he-man_all.min.js?v=2.1.40&ma=ma_enabled HTTP/1.1
Host: srv.motu-teamblue.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.159.66.62/
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by