Report - 185.80.130.149/??z289mszzmt0xnzu2mdc2jnmypteynji2ntezoczzmz1nwa==

Report Overview

Visitedpublic

2024-10-13 16:34:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	unknown	No data	No data	654 B	1.8 kB	23.36.77.32
r10.o.lencr.org	unknown	unknown	No data	No data	1.3 kB	3.5 kB	23.36.76.225
185.80.130.149	unknown	unknown	No data	No data	859 B	611 B	185.80.130.149

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-10-13 15:52:05	high	185.80.130.149	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2024-10-13 15:52:05	high	185.80.130.149	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2024-10-13 15:52:05	high	185.80.130.149	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-13	medium	185.80.130.149	Sinkholed
2024-10-13	medium	185.80.130.149	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	about:neterror?e=corruptedContentErrorv2&u=http%3A//185.80.130.149/public/%3F%3Anav%3Ddefault%3A%3Aindex%26go%3D%26s1%3D%26s2%3D&c=UTF-8&d=The%20site%20at%20http%3A//185.80.130.149/public/%3F%3Anav%3Ddefault%3A%3Aindex%26go%3D%26s1%3D%26s2%3D%20has%20experienced%20a%20network%20protocol%20violation%20that%20cannot%20be%20repaired.	ScriptElement	0 B	0001-01-01	2025-08-02
URL about:neterror?e=corruptedContentErrorv2&u=http%3A//185.80.130.149/public/%3F%3Anav%3Ddefault%3A%3Aindex%26go%3D%26s1%3D%26s2%3D&c=UTF-8&d=The%20site%20at%20http%3A//185.80.130.149/public/%3F%3Anav%3Ddefault%3A%3Aindex%26go%3D%26s1%3D%26s2%3D%20has%20experienced%20a%20network%20protocol%20violation%20that%20cannot%20be%20repaired. IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5608772 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.225

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.225

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-14

Times Seen4432

Size504 B (504 bytes)

MD5593365a0f530cb89c74689915a3c02d9

SHA1a24701a4c2f69ffe105cb626f5175162444737b6

SHA2563d920278b1d885a71e5aad3ea6a51ae89a72df31ab6402232ccd37a03b0e1ef1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3D920278B1D885A71E5AAD3EA6A51AE89A72DF31AB6402232CCD37A03B0E1EF1"
Last-Modified: Sun, 13 Oct 2024 10:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4660
Expires: Sun, 13 Oct 2024 17:09:44 GMT
Date: Sun, 13 Oct 2024 15:52:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.225

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-12

Last Seen2024-10-13

Times Seen4789

Size504 B (504 bytes)

MD549d459d67cc355bc94b61374550e46e4

SHA1f33374c797ec2c4b41e64791a567840cda10020b

SHA2569e7cfd194040f99f45409a893e3e6028c1f58908844191e843ff0261a1b09530

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9E7CFD194040F99F45409A893E3E6028C1F58908844191E843FF0261A1B09530"
Last-Modified: Sat, 12 Oct 2024 18:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4746
Expires: Sun, 13 Oct 2024 17:11:10 GMT
Date: Sun, 13 Oct 2024 15:52:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.225

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-13

Times Seen2534

Size504 B (504 bytes)

MD5c5d761b2efb99bc057dddb33b1ed7f0d

SHA1b866196f4c9b75af4104465b84c7535a3667d69b

SHA256c5fc67c485a256e675f85a90063218e049295d6ebf09d48c3a63bf1aeee04f1e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C5FC67C485A256E675F85A90063218E049295D6EBF09D48C3A63BF1AEEE04F1E"
Last-Modified: Sun, 13 Oct 2024 10:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5046
Expires: Sun, 13 Oct 2024 17:16:11 GMT
Date: Sun, 13 Oct 2024 15:52:05 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.225

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-12

Last Seen2024-10-13

Times Seen4768

Size504 B (504 bytes)

MD5374cd62f7e2ef30aa12a90321ec28f07

SHA16b13457ef66e3ff2f77848e56f69a1872261c24a

SHA256c911b66cd0725eef5fcfe41575902da1f6415506dd7aa4c0b41e457775344823

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C911B66CD0725EEF5FCFE41575902DA1F6415506DD7AA4C0B41E457775344823"
Last-Modified: Sat, 12 Oct 2024 05:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4719
Expires: Sun, 13 Oct 2024 17:10:44 GMT
Date: Sun, 13 Oct 2024 15:52:05 GMT
Connection: keep-alive

GET 185.80.130.149/??z289mszzmt0xnzu2mdc2jnmypteynji2ntezoczzmz1nwa==

185.80.130.149

302 Found

0 B

URL

185.80.130.149/??z289mszzmt0xnzu2mdc2jnmypteynji2ntezoczzmz1nwa==

IP / ASN

185.80.130.149

#61053 UAB ESNET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608772

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /??z289mszzmt0xnzu2mdc2jnmypteynji2ntezoczzmz1nwa== HTTP/1.1
Host: 185.80.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 13 Oct 2024 15:51:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Location: http://185.80.130.149/public/?:nav=default::index&go=&s1=&s2=
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET 185.80.130.149/public/?:nav=default::index&go=&s1=&s2=

185.80.130.149

302 Found

0 B

URL

185.80.130.149/public/?:nav=default::index&go=&s1=&s2=

IP / ASN

185.80.130.149

#61053 UAB ESNET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608772

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/?:nav=default::index&go=&s1=&s2= HTTP/1.1
Host: 185.80.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 13 Oct 2024 15:51:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Location: http://
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-13

Times Seen4597

Size504 B (504 bytes)

MD5143cafab2abc2c8dff00d2db2d46b804

SHA151fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9

SHA2562436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B"
Last-Modified: Sun, 13 Oct 2024 09:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sun, 13 Oct 2024 17:32:21 GMT
Date: Sun, 13 Oct 2024 15:52:07 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-13

Times Seen4597

Size504 B (504 bytes)

MD5143cafab2abc2c8dff00d2db2d46b804

SHA151fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9

SHA2562436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B"
Last-Modified: Sun, 13 Oct 2024 09:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sun, 13 Oct 2024 17:32:21 GMT
Date: Sun, 13 Oct 2024 15:52:07 GMT
Connection: keep-alive