Report - departamentodetarjetas.sbs/11%20(1)%20(1).zip?_

Report Overview

Visited public
2024-09-26 23:10:40
Tags
URL
departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522
Finishing URL
departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522
IP / ASN
176.123.0.55
#200019 Alexhost Srl
Title
403 Forbidden

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-26 18:37:25	1.6 kB	4.4 kB	23.33.119.27
departamentodetarjetas.sbs	unknown	2024-09-23	2024-09-23 09:05:30	2024-09-25 02:59:50	948 B	1.3 kB	176.123.0.55
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-26 18:37:24	1.3 kB	3.5 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-26	medium	departamentodetarjetas.sbs	Sinkholed
2024-09-26	medium	departamentodetarjetas.sbs	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a3930a88784fe653b2ec25e240074298
d2409345400ec01552850d6c48868450ff7512e6
42e5cee42bd074645a594dc518c9d95d8b21ecaf889e3cd003613b90090c6dd1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "42E5CEE42BD074645A594DC518C9D95D8B21ECAF889E3CD003613B90090C6DD1"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5299
Expires: Fri, 27 Sep 2024 00:38:33 GMT
Date: Thu, 26 Sep 2024 23:10:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b6ecb6018a51380d08a47460236a395c
1ce7fe77c21188624302a660a289fe1ce6e7a9e4
ec876edd163ea26b47c9b862c795844f5dd01452095287ea5cd920e3b512672a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC876EDD163EA26B47C9B862C795844F5DD01452095287EA5CD920E3B512672A"
Last-Modified: Wed, 25 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16182
Expires: Fri, 27 Sep 2024 03:39:56 GMT
Date: Thu, 26 Sep 2024 23:10:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3103fb1d1a919eb0d7b8a9d179fc0697
5f40ca033f1637117fafa094cb334a3d7a0bd8bb
21d190a1353e17aa721c3f3b5860a6dc765559c9a2c1bede3028e571e4e8b5d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "21D190A1353E17AA721C3F3B5860A6DC765559C9A2C1BEDE3028E571E4E8B5D8"
Last-Modified: Thu, 26 Sep 2024 14:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5131
Expires: Fri, 27 Sep 2024 00:35:46 GMT
Date: Thu, 26 Sep 2024 23:10:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c56ad8f187bab174c38e26d598c6aa0a
29826babc65a845692a857af04aeeb939efd9935
b6710c289ff4da1da6b1f806831b07467e01453a6aeae5c6a8d927943715e76c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6710C289FF4DA1DA6B1F806831B07467E01453A6AEAE5C6A8D927943715E76C"
Last-Modified: Thu, 26 Sep 2024 17:06:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2978
Expires: Thu, 26 Sep 2024 23:59:53 GMT
Date: Thu, 26 Sep 2024 23:10:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f92ee896f8b0e1530640fbfffc5b0863
5fa0cc64de645407e5e12e938d063ccb8ab7abf0
96bcd34d2f7e0f94b08d45549c13929a61d88e7685833b407f3d2ccdf10f61e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "96BCD34D2F7E0F94B08D45549C13929A61D88E7685833B407F3D2CCDF10F61E7"
Last-Modified: Wed, 25 Sep 2024 21:29:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 27 Sep 2024 05:10:15 GMT
Date: Thu, 26 Sep 2024 23:10:15 GMT
Connection: keep-alive

departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522

176.123.0.55

403 Forbidden

494 B

URL User Request GET HTTP/1.1
departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522
IP
176.123.0.55:80
ASN
#200019 Alexhost Srl

File type
HTML document, ASCII text
Size
494 B (494 bytes)
Hash
be15f6d46d247a93f4d10a9ebc7eed91
aa92558a5eacf2aca44790b7def01ce540cc9f6e
1533f51b051d236489a2d0ea7f5608c178a59d2e6a681aec78b7b15e7ceb8c96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522 HTTP/1.1
Host: departamentodetarjetas.sbs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx
date: Thu, 26 Sep 2024 23:10:15 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

departamentodetarjetas.sbs/favicon.ico

176.123.0.55

404 Not Found

238 B

URL GET HTTP/1.1
departamentodetarjetas.sbs/favicon.ico
IP
176.123.0.55:80
ASN
#200019 Alexhost Srl

Requested by
http://departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522

File type
HTML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: departamentodetarjetas.sbs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://departamentodetarjetas.sbs/11%20(1)%20(1).zip?__im-ttggamqk=6887461246528466522
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Sep 2024 23:10:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2219
Expires: Thu, 26 Sep 2024 23:47:16 GMT
Date: Thu, 26 Sep 2024 23:10:17 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2219
Expires: Thu, 26 Sep 2024 23:47:16 GMT
Date: Thu, 26 Sep 2024 23:10:17 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2219
Expires: Thu, 26 Sep 2024 23:47:16 GMT
Date: Thu, 26 Sep 2024 23:10:17 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2219
Expires: Thu, 26 Sep 2024 23:47:16 GMT
Date: Thu, 26 Sep 2024 23:10:17 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers