Report - ctt55.top

Report Overview

Visited public
2024-12-21 06:52:28
Tags
URL
ctt55.top
Finishing URL
156.234.170.15:8888/#/link?join=3510692
IP / ASN
206.119.81.59
#140227 Hong Kong Communications International Co., Limited
Title
403 Forbidden

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ctt55.top	unknown	2024-08-11	2024-09-20	2024-09-20	889 B	988 B	206.119.81.59
156.234.170.15	unknown	unknown	No data	No data	1.5 kB	1.6 kB	156.234.170.15

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-20	medium	156.234.170.15	Sinkholed
2024-12-20	medium	156.234.170.15	Sinkholed
2024-12-20	medium	156.234.170.15	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

ctt55.top/

206.119.81.59

200 OK

411 B

URL
ctt55.top/
IP
206.119.81.59:0
ASN
#140227 Hong Kong Communications International Co., Limited

File type
HTML document, ASCII text
Size
411 B (411 bytes)
Hash
b15a0ecd2e1f6806501c8d7d2c7237f3
9789ab779e18f8a631514d9fae7d3ad55df9984f
c88a5314bfb483b91c48607a7777c7b5b1cebde3dc9761c8ffeb68b0e1542530

HTTP Headers

GET / HTTP/1.1
Host: ctt55.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Dec 2024 06:52:04 GMT
content-type: text/html
content-length: 411
last-modified: Tue, 17 Dec 2024 15:27:41 GMT
etag: "6761986d-19b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ctt55.top/favicon.ico

206.119.81.59

404 Not Found

148 B

URL
ctt55.top/favicon.ico
IP
206.119.81.59:0
ASN
#140227 Hong Kong Communications International Co., Limited

File type
HTML document, ASCII text
Size
148 B (148 bytes)
Hash
630e1f9fef1a483fe84154e2d0d046df
f10e0cf39fb920a438116caaea80a71e0dcdc162
9cad3cff676946810a81047247f12e4e51faccc01df4134edfd871aee8ba0956

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ctt55.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctt55.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 21 Dec 2024 06:52:05 GMT
content-type: text/html
content-length: 148
etag: "67433ef6-94"
X-Firefox-Spdy: h2

156.234.170.15:8888/

156.234.170.15

403 Forbidden

405 B

URL
156.234.170.15:8888/
IP
156.234.170.15:0
ASN
#136800 MOACK.Co.LTD

File type
HTML document, ASCII text
Size
405 B (405 bytes)
Hash
6861b62ced046167ccbb53499155ed3f
af25e90845f227db2528ddb8b84eab79cd1c41b5
d2f6876be524fded09fd73f70607e0447b577b2421f1aa5d1102dd0acd1f4718

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 156.234.170.15:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctt55.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
content-length: 405
date: Sat, 21 Dec 2024 06:52:07 GMT
X-Firefox-Spdy: h2

156.234.170.15:8888/favicon.ico

156.234.170.15

403 Forbidden

405 B

URL GET HTTP/2
156.234.170.15:8888/favicon.ico
IP
156.234.170.15:8888
ASN
#136800 MOACK.Co.LTD

Requested by
https://156.234.170.15:8888/#/link?join=3510692
Certificate
IssuerSectigo Limited
Subject23.248.239.146
Fingerprint6D:4F:05:95:43:70:26:F1:3C:76:2B:45:3B:C3:18:7E:6D:EB:37:2B
ValidityTue, 16 Jul 2024 00:00:00 GMT - Sat, 16 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
405 B (405 bytes)
Hash
45e324ff485ff2ec4abd676a95d5e836
5ad9de033fed5a31452ffecbdfa81d44d8a4510a
191c895556e819d125e806d376474bbc602f35138f8f42d9be3e6bb18cb9d1fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 156.234.170.15:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://156.234.170.15:8888/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
content-length: 405
date: Sat, 21 Dec 2024 06:52:09 GMT
X-Firefox-Spdy: h2

156.234.170.15:8888/

156.234.170.15

403 Forbidden

405 B

URL User Request GET HTTP/2
156.234.170.15:8888/
IP
156.234.170.15:8888
ASN
#136800 MOACK.Co.LTD

Certificate
IssuerSectigo Limited
Subject23.248.239.146
Fingerprint6D:4F:05:95:43:70:26:F1:3C:76:2B:45:3B:C3:18:7E:6D:EB:37:2B
ValidityTue, 16 Jul 2024 00:00:00 GMT - Sat, 16 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (434), with no line terminators
Size
405 B (405 bytes)
Hash
c14aef0404f8fc04942dfd679ecd3249
3f5ac8b5e0a971033a7b4034ebadb4f359b9a1a0
433bb1cc13d6dec165198774862e582abaf1e6c3176222e3bbd9d75beead6a90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 156.234.170.15:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctt55.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
content-length: 405
date: Sat, 21 Dec 2024 06:52:07 GMT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers