Report - 107.175.76.130/1.txt

Report Overview

Visited public
2025-01-28 16:57:51
Tags
URL
107.175.76.130/1.txt
Finishing URL
107.175.76.130/1.txt
IP / ASN
107.175.76.130
#36352 AS-COLOCROSSING
Title
107.175.76.130/1.txt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
107.175.76.130	unknown	unknown	No data	No data	734 B	173 kB	107.175.76.130

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-28 16:57:26	medium	Client IP	107.175.76.130	ET HUNTING Terse Request for .txt - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-28	medium	107.175.76.130	Sinkholed
2025-01-28	medium	107.175.76.130	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

107.175.76.130/1.txt

107.175.76.130

200 OK

173 kB

URL User Request GET
107.175.76.130/1.txt
IP
107.175.76.130:0
ASN
#36352 AS-COLOCROSSING

File type
PHP script, Non-ISO extended-ASCII text, with very long lines (61015), with NEL line terminators
Size
173 kB (172585 bytes)
Hash
3d11b11e5f1b73c484c0fb124bd7bcca
1d3a4ef8599c518f39dea5c0bef84c49da5472a7
8ab8bc02428bbb031093f555f009a962fcacf5cc86ba10c272a5362ff3625242

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET HUNTING Terse Request for .txt - Likely Hostile

HTTP Headers

GET /1.txt HTTP/1.1
Host: 107.175.76.130
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.10.4
Date: Tue, 28 Jan 2025 16:57:26 GMT
Content-type: text/plain
Content-Length: 172585
Last-Modified: Fri, 10 May 2024 11:36:52 GMT

107.175.76.130/favicon.ico

107.175.76.130

404 File not found

469 B

URL GET HTTP/1.0
107.175.76.130/favicon.ico
IP
107.175.76.130:80
ASN
#36352 AS-COLOCROSSING

Requested by
http://107.175.76.130/1.txt

File type
HTML document, ASCII text
Size
469 B (469 bytes)
Hash
8a79fc328fcb9d89f90b2029a11bddbd
61bff3612fd2991e195f1f65522e4507fa6b467f
eef948e1d511bd86ff673f904bf0a97106d5395f0b7ed2cfb043da7ccc6ca6dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 107.175.76.130
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://107.175.76.130/1.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 404 File not found
Server: SimpleHTTP/0.6 Python/3.10.4
Date: Tue, 28 Jan 2025 16:57:27 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 469

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers