Report - 167.99.129.68/gmbot/geek

Report Overview

Visitedpublic

2024-08-29 04:19:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-28 18:12:05	654 B	1.8 kB	23.36.77.32
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-28 18:12:07	981 B	2.7 kB	23.36.76.226
167.99.129.68	unknown	unknown	2022-06-16 16:46:49	2024-04-14 15:55:29	741 B	1.6 kB	167.99.129.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	167.99.129.68	Sinkholed
2024-08-29	medium	167.99.129.68	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-29

Times Seen11048

Size504 B (504 bytes)

MD538cbe2bf8b6d9ff466a715bd835ea451

SHA134536bdff6310a8b4ccb1bee5eb1ddd98ed57a0f

SHA2561ae38d2373eb268f96ff536531fdc13ba00a9c4bd66496cd7e434e0d2e68a02f

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1AE38D2373EB268F96FF536531FDC13BA00A9C4BD66496CD7E434E0D2E68A02F"
Last-Modified: Wed, 28 Aug 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6889
Expires: Thu, 29 Aug 2024 06:13:52 GMT
Date: Thu, 29 Aug 2024 04:19:03 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen15665

Size504 B (504 bytes)

MD5e39dce5ea747184cd9620a6a6cb8835f

SHA1bbc61ed7858f2eb5554561ba25639c1fbe6898f4

SHA2562a600466bc852e883cba5f66b9179846ba7263ea2ef806f62666923a82bb7e8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2A600466BC852E883CBA5F66B9179846BA7263EA2EF806F62666923A82BB7E8D"
Last-Modified: Wed, 28 Aug 2024 14:36:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8304
Expires: Thu, 29 Aug 2024 06:37:27 GMT
Date: Thu, 29 Aug 2024 04:19:03 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-29

Last Seen2024-08-31

Times Seen14619

Size504 B (504 bytes)

MD5394892113e0ffb33f2ffdbe727637967

SHA16356e0f13c62b88d4f8a3a20336c86b21b9e7b43

SHA2567bfca20b125a7ca370d17340cd1425663c1c6e81f8a0c42aa9703e88e2fa5ebd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7BFCA20B125A7CA370D17340CD1425663C1C6E81F8A0C42AA9703E88E2FA5EBD"
Last-Modified: Wed, 28 Aug 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9707
Expires: Thu, 29 Aug 2024 07:00:50 GMT
Date: Thu, 29 Aug 2024 04:19:03 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen18617

Size504 B (504 bytes)

MD5fdbea8492a4c466e40797f5c241f80c0

SHA15b54da6a3949155c0e32e21a9c438e255ad71720

SHA256965090df69898508429e57657077a1625c55dd348039f37cbb2451d9460886a0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "965090DF69898508429E57657077A1625C55DD348039F37CBB2451D9460886A0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6034
Expires: Thu, 29 Aug 2024 05:59:37 GMT
Date: Thu, 29 Aug 2024 04:19:03 GMT
Connection: keep-alive

GET 167.99.129.68/gmbot/geek

167.99.129.68

200 OK

848 B

URL

167.99.129.68/gmbot/geek

IP / ASN

167.99.129.68

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typePOSIX shell script, ASCII text executable

First Seen2024-08-29

Last Seen2024-08-29

Times Seen1

Size848 B (848 bytes)

MD575775ecf95d4ee59f337fba117de3090

SHA1e93c051c09d01e5008eaebf3371b9320710182e0

SHA256c11a11b7a1d586dd2b2dde6fa04499c72c15f533f5a1f67c665f4d5732d148fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gmbot/geek HTTP/1.1
Host: 167.99.129.68
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Aug 2024 04:19:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 21 Aug 2024 17:30:33 GMT
ETag: "350-62034e63c1dad"
Accept-Ranges: bytes
Content-Length: 848
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

GET 167.99.129.68/favicon.ico

167.99.129.68

404 Not Found

275 B

URL

167.99.129.68/favicon.ico

IP / ASN

167.99.129.68

#14061 DIGITALOCEAN-ASN

Requested byhttp://167.99.129.68/gmbot/geek

Resource Info

File typeHTML document, ASCII text

First Seen2024-08-29

Last Seen2024-08-29

Times Seen1

Size275 B (275 bytes)

MD59d3c2ca2168f73a09dd14899115ff7de

SHA11f6b3adb4853a68f3e59ba40076bb633a5ec85da

SHA256333ce87a9633d057845d2109c95aa6b68962b61e95b3ff6955ca9f3f3b386da5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 167.99.129.68
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://167.99.129.68/gmbot/geek
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 29 Aug 2024 04:19:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 275
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6441
Expires: Thu, 29 Aug 2024 06:06:26 GMT
Date: Thu, 29 Aug 2024 04:19:05 GMT
Connection: keep-alive