Report - domain-botnet.servehttp.com/and

Report Overview

Submitted URL
domain-botnet.servehttp.com/and
IP
51.79.217.59
ASN
#16276 OVH SAS
Submitted
2024-04-25 12:16:31
Access
public
Website Title
domain-botnet.servehttp.com/and
Final URL
domain-botnet.servehttp.com/and
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
4
Network Intrusion Detection
3
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
domain-botnet.servehttp.com	unknown	unknown	No data	No data	1.0 kB	4.6 kB	51.79.217.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 12:16:10	medium	Client IP	51.79.217.59	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
2024-04-25 12:16:17	medium	Client IP	51.79.217.59	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
2024-04-25 12:16:17	medium	Client IP	51.79.217.59	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

domain-botnet.servehttp.com/

51.79.217.59

212 B

URL
domain-botnet.servehttp.com/
IP
51.79.217.59:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text
Size
212 B (212 bytes)
Hash
efcb5f99b0f85d76dcd37f09845a05b2
a7eff4f80d13dcc9e373accac5c686df0f78ad65
5590b93ae594d2cf199dd46646d046f341ad738bdb279d3156306429c1d533f0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain

HTTP Headers

GET / HTTP/1.1
Host: domain-botnet.servehttp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 12:16:10 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 212
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

domain-botnet.servehttp.com/and

51.79.217.59

200 OK

3.5 kB

URL User Request GET HTTP/1.1
domain-botnet.servehttp.com/and
IP
51.79.217.59:80
ASN
#16276 OVH SAS

File type
ASCII text
Size
3.5 kB (3452 bytes)
Hash
0688fab99046df306e65cf74369be3a4
a8f8c878f10fbb43d0c72b07888e6b9ffeab2193
b3d2c9d4d461b122fb049c5ef533de2e5d2352ebd41218a38cbf96a9a843e567

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain

HTTP Headers

GET /and HTTP/1.1
Host: domain-botnet.servehttp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 12:16:16 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Wed, 24 Apr 2024 19:25:28 GMT
ETag: "d7c-616dca220dab0"
Accept-Ranges: bytes
Content-Length: 3452
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

domain-botnet.servehttp.com/favicon.ico

51.79.217.59

404 Not Found

209 B

URL GET HTTP/1.1
domain-botnet.servehttp.com/favicon.ico
IP
51.79.217.59:80
ASN
#16276 OVH SAS

Requested by
http://domain-botnet.servehttp.com/and

File type
HTML document, ASCII text
Size
209 B (209 bytes)
Hash
18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: domain-botnet.servehttp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://domain-botnet.servehttp.com/and
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 12:16:17 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 209
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers