Report - nernwu.hstn.me/

Report Overview

Visited public
2024-01-16 01:28:29
Tags
Submit Tags
URL
nernwu.hstn.me/
Finishing URL
nernwu.hstn.me/htm20/
IP / ASN
185.27.134.215
#34119 Wildcard UK Limited
Title
Inicio

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nernwu.hstn.me	unknown	2019-06-03	2024-01-15 23:08:10	2024-01-15 23:08:10	3.2 kB	244 kB	185.27.134.215
aeonfree.com	9391	2019-06-03	2019-06-07 16:13:59	2024-01-11 06:12:14	835 B	2.0 kB	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed
2024-01-16	medium	hstn.me	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

nernwu.hstn.me/

185.27.134.215

825 B

URL
nernwu.hstn.me/
IP
185.27.134.215:0
ASN
#34119 Wildcard UK Limited

File type
HTML document, ASCII text, with very long lines (825), with no line terminators
Size
825 B (825 bytes)
Hash
911a06cfd8de62d09fe6c9c690a3b1ba
6f7caab5a34ca0d5cd0ff012ffa7c15faf6694f8
b49a43926a4936b92bc579bdd682b83c14dcfd28290481f4d9335057d9637b31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:03 GMT
Content-Type: text/html
Content-Length: 825
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

nernwu.hstn.me/aes.js

185.27.134.215

14 kB

URL
nernwu.hstn.me/aes.js
IP
185.27.134.215:0
ASN
#34119 Wildcard UK Limited

File type
ASCII text, with very long lines (13733), with no line terminators
Size
14 kB (13733 bytes)
Hash
fc66e046447092c606f2587837f96874
fcf354a8044f494ee1f9fe868dde3f570f50e593
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aes.js HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nernwu.hstn.me/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: application/javascript
Content-Length: 13733
Last-Modified: Mon, 16 Oct 2023 04:25:51 GMT
Connection: keep-alive
ETag: "652cbb4f-35a5"
Accept-Ranges: bytes

GET nernwu.hstn.me/?i=1

185.27.134.215

0 B

URL User Request GET
nernwu.hstn.me/?i=1
IP
185.27.134.215:0
ASN
#34119 Wildcard UK Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?i=1 HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nernwu.hstn.me/
DNT: 1
Connection: keep-alive
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
location: htm20/
Cache-Control: max-age=0
Expires: Tue, 16 Jan 2024 01:28:04 GMT

GET nernwu.hstn.me/htm20/

185.27.134.215

200 OK

1.3 kB

URL User Request GET HTTP/1.1
nernwu.hstn.me/htm20/
IP
185.27.134.215:80
ASN
#34119 Wildcard UK Limited

File type
HTML document, Unicode text, UTF-8 text
Size
1.3 kB (1264 bytes)
Hash
18e7d8814af9351c49c49d272f91945d
6946d00459055c7434abc41e572b3c4a7f3ef339
634f2639cfc15e4fb99f21fa2219bae507d8cf1f47a0b1ef40df1c61608fad77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /htm20/ HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nernwu.hstn.me/
DNT: 1
Connection: keep-alive
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Expires: Tue, 16 Jan 2024 01:28:04 GMT

GET nernwu.hstn.me/htm20/styles.css

185.27.134.215

200 OK

2.3 kB

URL GET HTTP/1.1
nernwu.hstn.me/htm20/styles.css
IP
185.27.134.215:80
ASN
#34119 Wildcard UK Limited

Requested by
http://nernwu.hstn.me/htm20/

File type
ASCII text
Size
2.3 kB (2338 bytes)
Hash
cdd31a02268d314e6d96805ba1348897
288129d9c2cf8f1c7513e36cda1d38ceaeb9b454
1ffd437b69922eedcbaa75b39bfda8103558c5845c1379705ee1bc4d6d7fbf71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /htm20/styles.css HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nernwu.hstn.me/htm20/
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: text/css
Content-Length: 2338
Connection: keep-alive
Last-Modified: Thu, 26 Oct 2023 08:35:20 GMT
ETag: "922-6089a73be7398"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate
Expires: Thu, 15 Feb 2024 01:28:04 GMT

GET nernwu.hstn.me/htm20/min.css

185.27.134.215

200 OK

164 kB

URL GET HTTP/1.1
nernwu.hstn.me/htm20/min.css
IP
185.27.134.215:80
ASN
#34119 Wildcard UK Limited

Requested by
http://nernwu.hstn.me/htm20/

File type
Unicode text, UTF-8 text, with very long lines (65515)
Size
164 kB (163616 bytes)
Hash
711a5fe017845ec42b337160d4ff938a
d0c200f173cdd57d6951dcbff22ee808a3728fbf
64e28ce2edfa9c618ffd8ad5371a98b27e0b7708e841b3df4ec905a8fad837cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /htm20/min.css HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nernwu.hstn.me/htm20/
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: text/css
Content-Length: 163616
Connection: keep-alive
Last-Modified: Thu, 26 Oct 2023 08:35:20 GMT
ETag: "27f20-6089a73bec988"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate
Expires: Thu, 15 Feb 2024 01:28:04 GMT

GET nernwu.hstn.me/htm20/hejea.jpg

185.27.134.215

200 OK

60 kB

URL GET HTTP/1.1
nernwu.hstn.me/htm20/hejea.jpg
IP
185.27.134.215:80
ASN
#34119 Wildcard UK Limited

Requested by
http://nernwu.hstn.me/htm20/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 1870x690, components 3
Size
60 kB (60167 bytes)
Hash
f308d2a9993716d332681ecd57270907
c12b3b09d3538e8d646982cfcb75b8e40500f7e3
56b352c67858325455bc178b3fd0918bcb8106c1e74b81454c9c3abaa0945470

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /htm20/hejea.jpg HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nernwu.hstn.me/htm20/
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: image/jpeg
Content-Length: 60167
Connection: keep-alive
Last-Modified: Thu, 26 Oct 2023 08:35:18 GMT
ETag: "eb07-6089a73a6c900"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Thu, 15 Feb 2024 01:28:04 GMT

GET nernwu.hstn.me/favicon.ico

185.27.134.215

215 B

URL GET
nernwu.hstn.me/favicon.ico
IP
185.27.134.215:0
ASN
#34119 Wildcard UK Limited

Requested by
http://nernwu.hstn.me/htm20/

File type
HTML document, ASCII text
Size
215 B (215 bytes)
Hash
56403a22e907c6b48209ad85146010e7
ef83243cc7792798901409e123d4d5894d0371e3
091e2594f8a0005298d07b48b82eb1a7d5fbf21bf14967a386b066cfb2e24210

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nernwu.hstn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nernwu.hstn.me/htm20/
Cookie: __test=2ad020d5d714e3685c95927e5fcafaf4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 16 Jan 2024 01:28:04 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 215
Connection: keep-alive
Location: https://aeonfree.com/error/404/
Cache-Control: max-age=2592000
Expires: Thu, 15 Feb 2024 01:28:04 GMT

GET aeonfree.com/error/404

0.0.0.0

0 B

URL GET
aeonfree.com/error/404
IP
0.0.0.0:0
ASN
#0

Requested by
http://nernwu.hstn.me/htm20/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint80:5C:9E:84:EB:40:A7:59:C2:18:FE:CE:25:01:0A:35:46:EC:5D:9F
ValiditySun, 12 Mar 2023 00:00:00 GMT - Sun, 10 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/404 HTTP/1.1
Host: aeonfree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nernwu.hstn.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Jan 2024 01:28:06 GMT
content-type: text/html; charset=UTF-8
age: 55762
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cache-status: "Netlify Edge"; hit
display: orig_site_sol
expires: Mon, 15 Jan 2024 01:28:06 GMT
pagespeed: off
response: 200
vary: Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-nf-request-id: 01HM7Y40FYBEDAF1PXXY3GVRHB
x-origin-cache-control: public,max-age=0,must-revalidate
x-sol: orig
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s66vEzLdiww8AXLaZOoLr7ATbmg2oE4WHmqUOfGSZen%2FfxOchAwR7As5Q4q4HjDDet0jas2ByqRMxe%2FUVTN21GW1xFPRx1RrLqvXjFFgJTLnr1NNuQD2gBPQM%2FMKLKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8462946d9fbe0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET aeonfree.com/error/404/

0.0.0.0

0 B

URL GET
aeonfree.com/error/404/
IP
0.0.0.0:0
ASN
#0

Requested by
http://nernwu.hstn.me/htm20/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint80:5C:9E:84:EB:40:A7:59:C2:18:FE:CE:25:01:0A:35:46:EC:5D:9F
ValiditySun, 12 Mar 2023 00:00:00 GMT - Sun, 10 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/404/ HTTP/1.1
Host: aeonfree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nernwu.hstn.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 16 Jan 2024 01:28:06 GMT
content-type: text/html
cache-control: public, max-age=2592000
cache-status: "Netlify Edge"; hit
display: staticcontent_sol, orig_site_sol
location: /error/404
pagespeed: off
response: 301
vary: Accept-Encoding,User-Agent,Origin
x-ezoic-cdn: Hit ds;mm;b5ba620a74f346f6dd2f94a1bbd12c11;2-326553-13;a32a57be-9d03-42bb-795a-f4233e3e48e9
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 301
x-nf-request-id: 01HKX54XJGATAXNXMAKAECN49J
x-origin-cache-control: 
x-sol: orig
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LiFv0UgbbV8Yrx2B%2BXwRNK7gjgamKumbgnRFFyeMvHC%2BQnrAhbyFIvilIm0Z9c6Sls63tniE8yYqaE51xMVZCmc%2BOEom07Y%2BFRwz3qqnbNZKxS84eciC0e2GV5n6hhM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8462946cef7b0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash