Report - dais7nsa.shop

Report Overview

Visitedpublic

2024-09-04 10:52:49

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-03 18:12:24	1.3 kB	3.5 kB	23.33.119.27
dais7nsa.shop	unknown	2024-08-01	2024-09-02 08:34:00	2024-09-02 08:34:21	866 B	1.9 kB	172.67.145.228
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-03 18:12:05	327 B	887 B	23.33.119.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-09-04 10:52:24	high	Client IP	104.21.28.115	ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dais7nsa .shop)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-09-04	medium	dais7nsa.shop	Sinkholed
2024-09-04	medium	dais7nsa.shop	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-04	medium	dais7nsa.shop	Sinkholed
2024-09-04	medium	dais7nsa.shop	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-08-02	medium	dais7nsa.shop	ClearFake
2024-08-02	medium	dais7nsa.shop	ClearFake

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-03

Last Seen2024-09-19

Times Seen28107

Size504 B (504 bytes)

MD58d2e6150f7d0845dc26f5bd5cd6f28dd

SHA16aad5091620585a5f76065c1888456ee70b88257

SHA256ed538ea400323f4c987f91c0b0afc79a8526b62f7aa317dd62bd107cb37850a2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED538EA400323F4C987F91C0B0AFC79A8526B62F7AA317DD62BD107CB37850A2"
Last-Modified: Tue, 03 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3046
Expires: Wed, 04 Sep 2024 11:43:09 GMT
Date: Wed, 04 Sep 2024 10:52:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen35846

Size504 B (504 bytes)

MD566fbf7f95cb55f388373a20d4b1a736e

SHA1afc34259758a563362367848629ff7639982e1fb

SHA25641c00088afc20571f6a0c6998324d9517346256ac33696dc706192ec606fe7a7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41C00088AFC20571F6A0C6998324D9517346256AC33696DC706192EC606FE7A7"
Last-Modified: Mon, 02 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18782
Expires: Wed, 04 Sep 2024 16:05:25 GMT
Date: Wed, 04 Sep 2024 10:52:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen16139

Size504 B (504 bytes)

MD53b182d2525d361002ced8590b8a9ce07

SHA112cd4e482375e47fdc8cde29fe98a6e3498260df

SHA25662ed97a3678824305419366056fd0bee73359522822ca42a16fabdcc3ad982be

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62ED97A3678824305419366056FD0BEE73359522822CA42A16FABDCC3AD982BE"
Last-Modified: Mon, 02 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8407
Expires: Wed, 04 Sep 2024 13:12:31 GMT
Date: Wed, 04 Sep 2024 10:52:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen22244

Size504 B (504 bytes)

MD5cabaaa7c3e6a621cc5836be05eee4924

SHA1c4bc6288aed0597ff7ae2dbc5aea340b6c9636b8

SHA2562b2a41201a3881bd029ab7161be291b23128d5952e5959092607b98c951fa18c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2B2A41201A3881BD029AB7161BE291B23128D5952E5959092607B98C951FA18C"
Last-Modified: Mon, 02 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8498
Expires: Wed, 04 Sep 2024 13:14:02 GMT
Date: Wed, 04 Sep 2024 10:52:24 GMT
Connection: keep-alive

GET dais7nsa.shop/

172.67.145.228

404 Not Found

167 B

URL

dais7nsa.shop/

IP / ASN

172.67.145.228

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-05

Last Seen2025-03-02

Times Seen190492

Size167 B (167 bytes)

MD50104c301c5e02bd6148b8703d19b3a73

SHA17436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Certificate Info

IssuerGoogle Trust Services

Subjectdais7nsa.shop

FingerprintAD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0

ValidityThu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	ClearFake
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 04 Sep 2024 10:52:24 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 04 Sep 2024 11:52:24 GMT
Location: https://dais7nsa.shop/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjNxYPaR8Mq4IZMGGBnmKJVvt1NpV7aR3YpT0yRIVBriFvciWmIOeSgW%2FsuPlgudIn6qlby46odXDgaqmiO6U6j19%2BThYmp4SPDfmXb0bifydCvPrQbCBGX4r4Bsv5ba"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8bdd6e0dbd6356c7-OSL
alt-svc: h2=":443"; ma=60

GET dais7nsa.shop/

104.21.28.115

404 Not Found

546 B

URL

dais7nsa.shop/

IP / ASN

104.21.28.115

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size546 B (546 bytes)

MD5afbf0b0dd4d1a4aab6fc82dcf42e8983

SHA16010d6a768a7117157063ad00e1b5793c1729804

SHA256495be2ec2de4c37fbf0ca838aefa6558e4d9c8d253d43a32307bf2ce006e2544

Certificate Info

IssuerGoogle Trust Services

Subjectdais7nsa.shop

FingerprintAD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0

ValidityThu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	ClearFake
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 04 Sep 2024 10:52:24 GMT
content-type: application/json
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Hs9pzPL45tgO8PUyegmd1cIKVLryqYilbBzzsNZboLr0gx137c9kkOBaNemiIZUqVCBjav08S%2BHm3AE8nKkVSEn5iCmxa%2Bwm2Zb%2FDV5a43dUnjo3OFwN9HsNp7zJ%2FTr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bdd6e0defb9569d-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.33.119.10

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.10

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8926
Expires: Wed, 04 Sep 2024 13:21:12 GMT
Date: Wed, 04 Sep 2024 10:52:26 GMT
Connection: keep-alive