Report - stephenmichaelsmith.com/babac/rrrjqpv84.bin

Report Overview

Visited public
2023-12-04 05:17:06
Tags
URL
stephenmichaelsmith.com/babac/rrrjqpv84.bin
Finishing URL
stephenmichaelsmith.com/babac/rrrjqpv84.bin
IP / ASN
192.185.88.212
#46606 UNIFIEDLAYER-AS-1
Title
503 - SERVICE UNAVAILABLE

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
stephenmichaelsmith.com	unknown	2002-10-03	2017-09-14 13:30:48	2023-11-21 05:44:53	3.3 kB	30 kB	192.185.88.212
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-03 05:09:22	347 B	31 kB	151.101.66.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 05:16:55	high	Client IP	192.185.88.212	ThreatFox payload delivery (url - confidence level: 100%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed
2023-12-04	medium	stephenmichaelsmith.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 12:55 Times Seen57430 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	stephenmichaelsmith.com/cgi-sys/js/simple-expand.min.js	ScriptElement	2.8 kB	2023-03-07	2025-05-09
Pretty URL stephenmichaelsmith.com/cgi-sys/js/simple-expand.min.js IP 192.185.88.212 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-05-09 07:38 Times Seen6118 Hash 42cb9467fd660b25209863c072e69342 c4d32879d225f46588fba989f8a2afcb9b49a519 7989430e3c85121caa76c6da31aa38d43ef139062e2c3bd4f4350b62fe90d4d4 Loading...

	stephenmichaelsmith.com/babac/rrrjqpv84.bin	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL stephenmichaelsmith.com/babac/rrrjqpv84.bin IP 192.185.88.212 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 13:05 Times Seen4636053 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (9)

URL IP Response Size

stephenmichaelsmith.com/babac/rrrjqpv84.bin

192.185.88.212

503 Service Unavailable

2.1 kB

URL User Request GET HTTP/1.1
stephenmichaelsmith.com/babac/rrrjqpv84.bin
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.1 kB (2103 bytes)
Hash
dea6e9dbc0d38b8e55fbfe3c9ba398fb
942efea5546b6179a3d9e8f80d277fdffd265269
01b44fe82a629bf6f6ec3274fd197eebb2b4eea06e1501ce462052525f4788f1

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox payload delivery (url - confidence level: 100%)

HTTP Headers

GET /babac/rrrjqpv84.bin HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
last-modified: Thu, 06 Oct 2022 11:40:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2103
content-type: text/html
date: Mon, 04 Dec 2023 05:16:49 GMT
server: Apache
X-Firefox-Spdy: h2

stephenmichaelsmith.com/babac/rrrjqpv84.bin

192.185.88.212

503 Service Unavailable

2.1 kB

URL User Request GET HTTP/1.1
stephenmichaelsmith.com/babac/rrrjqpv84.bin
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.1 kB (2103 bytes)
Hash
dea6e9dbc0d38b8e55fbfe3c9ba398fb
942efea5546b6179a3d9e8f80d277fdffd265269
01b44fe82a629bf6f6ec3274fd197eebb2b4eea06e1501ce462052525f4788f1

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox payload delivery (url - confidence level: 100%)

HTTP Headers

GET /babac/rrrjqpv84.bin HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Date: Mon, 04 Dec 2023 05:16:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Thu, 06 Oct 2022 11:40:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2103
Content-Type: text/html

code.jquery.com/jquery-3.3.1.min.js

151.101.66.137

200 OK

30 kB

URL GET HTTP/1.1
code.jquery.com/jquery-3.3.1.min.js
IP
151.101.66.137:80
ASN
#54113 FASTLY

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
ASCII text, with very long lines (65451)
Size
30 kB (30288 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30288
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-1538f"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 04 Dec 2023 05:16:49 GMT
Age: 6864810
X-Served-By: cache-lga13622-LGA, cache-bma1646-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 24, 402053
X-Timer: S1701667010.744923,VS0,VE0
Vary: Accept-Encoding

stephenmichaelsmith.com/cgi-sys/js/simple-expand.min.js

192.185.88.212

200 OK

1.2 kB

URL GET HTTP/1.1
stephenmichaelsmith.com/cgi-sys/js/simple-expand.min.js
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
ASCII text, with very long lines (2608)
Size
1.2 kB (1191 bytes)
Hash
42cb9467fd660b25209863c072e69342
c4d32879d225f46588fba989f8a2afcb9b49a519
7989430e3c85121caa76c6da31aa38d43ef139062e2c3bd4f4350b62fe90d4d4

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/js/simple-expand.min.js HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 05:16:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 06 Oct 2022 11:38:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1191
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript

stephenmichaelsmith.com/cgi-sys/images/404top_w.jpg

192.185.88.212

200 OK

4.3 kB

URL GET HTTP/1.1
stephenmichaelsmith.com/cgi-sys/images/404top_w.jpg
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3\012- data
Size
4.3 kB (4335 bytes)
Hash
de6ecbbb2471827d90bf32c47a0cbc45
ffeaafe8b9ca2752908c5d4e95e4803ef7ffdd18
5cae6c33f0f9d4449ce8539a60e7d40eba2ddc75979fc26284854a29c36d08cb

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/images/404top_w.jpg HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 05:16:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 12:08:54 GMT
Accept-Ranges: bytes
Content-Length: 4335
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg

stephenmichaelsmith.com/cgi-sys/images/404mid.gif

192.185.88.212

200 OK

120 B

URL GET HTTP/1.1
stephenmichaelsmith.com/cgi-sys/images/404mid.gif
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
GIF image data, version 89a, 868 x 4\012- data
Size
120 B (120 bytes)
Hash
dc8055f43fbb4a4b6dfb298ec35188f2
1ffc540743de1cdb929d9d1218978005141e8d9d
b857737891b84293b3df526b48ce3d54fdcc5789c250eadff9dd38e3c2c68caf

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/images/404mid.gif HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 05:16:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 06 Oct 2022 11:40:21 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=75
Content-Type: image/gif

stephenmichaelsmith.com/cgi-sys/images/404bottom.gif

192.185.88.212

200 OK

537 B

URL GET HTTP/1.1
stephenmichaelsmith.com/cgi-sys/images/404bottom.gif
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
GIF image data, version 89a, 868 x 14\012- data
Size
537 B (537 bytes)
Hash
54eb288427acf79ed320efd4916fe0b7
67ba813ff74d52035d70fcda58b57563f01fb829
70e4a5f9f7d98c1564b17ecc69196fed4f74fe5afb2c61b4fb7045dd3309dc4f

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/images/404bottom.gif HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 05:16:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 06 Oct 2022 11:39:46 GMT
Accept-Ranges: bytes
Content-Length: 537
Keep-Alive: timeout=5, max=75
Content-Type: image/gif

stephenmichaelsmith.com/cgi-sys/images/w.png

192.185.88.212

200 OK

16 kB

URL GET HTTP/1.1
stephenmichaelsmith.com/cgi-sys/images/w.png
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15531 bytes)
Hash
0338bad217810b4f084745bd38469a67
83ec76ecf73920a2500af10318bc45bfe96cea97
4c2e4c7df80b8530a36e3ea84c86016e19420f651d2136a9de57d6eb994239ee

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/images/w.png HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 05:16:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 06 Oct 2022 11:39:51 GMT
Accept-Ranges: bytes
Content-Length: 15531
Keep-Alive: timeout=5, max=75
Content-Type: image/png

stephenmichaelsmith.com/favicon.ico

192.185.88.212

503 Service Unavailable

2.1 kB

URL GET HTTP/1.1
stephenmichaelsmith.com/favicon.ico
IP
192.185.88.212:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://stephenmichaelsmith.com/babac/rrrjqpv84.bin

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.1 kB (2103 bytes)
Hash
dea6e9dbc0d38b8e55fbfe3c9ba398fb
942efea5546b6179a3d9e8f80d277fdffd265269
01b44fe82a629bf6f6ec3274fd197eebb2b4eea06e1501ce462052525f4788f1

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stephenmichaelsmith.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://stephenmichaelsmith.com/babac/rrrjqpv84.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Date: Mon, 04 Dec 2023 05:16:50 GMT
Server: Apache
Last-Modified: Thu, 06 Oct 2022 11:40:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2103
Connection: close
Content-Type: text/html

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN