URL User Request GET HTTP/1.1IP 65.21.94.51:80
ASN#24940 Hetzner Online GmbH
File typeHTML document, ASCII text, with CRLF line terminators Hash242c23ea412530c7d94b77a7a978c176 6e8749068fd6b842992e554b4fea32f9089318ad 557b5e9015b4963a130c7039e077b3ec0306d401b6ee13d631721d5d969d2917
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 65.21.94.51
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 11 Apr 2023 10:05:05 GMT
Accept-Ranges: bytes
ETag: "8366f6165d6cd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 22:18:49 GMT
Content-Length: 609
|
IP65.21.94.51:80 ASN#24940 Hetzner Online GmbH
File typePNG image data, 960 x 600, 8-bit/color RGB, non-interlaced Hash7558b529a6a427f886ec405a097ec6fe fe577840a48d2dcf4ef85500cb0c513cf55d7dd3 5cd971d318349c4644488d55edb1e7357dad8aa3743bef74b84c302580e37d82
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /iisstart.png HTTP/1.1
Host: 65.21.94.51
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://65.21.94.51/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 11 Apr 2023 10:05:05 GMT
Accept-Ranges: bytes
ETag: "8366f6165d6cd91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 22:18:49 GMT
Content-Length: 99710
|
IP65.21.94.51:80 ASN#24940 Hetzner Online GmbH
File typeHTML document, ASCII text, with CRLF line terminators Hash5343c1a8b203c162a3bf3870d9f50fd4 04b5b886c20d88b57eea6d8ff882624a4ac1e51d dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 65.21.94.51
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://65.21.94.51/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 22:18:49 GMT
Content-Length: 1245
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml |  35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=LibAZkhQt4Kj2ysXRlEYWpYfmoX7rtrkg68kxtCD7GG6l1WdkuyMr9L1Qo6eU-tRoHIQq8vI4Ziymxv4Si6ypU0d1rwySKArXlUE689fbsnTAcct5NEHFJtob_sRpJ7t
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 24 Apr 2024 22:18:51 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 17
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|