Report - itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

Report Overview

Visited public
2024-02-16 09:38:03
Tags
URL
itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Finishing URL
itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
IP / ASN
54.202.251.224
#16509 AMAZON-02
Title
FINANCING THE CLIMATE TRANSITION

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
improxy.benchmarkemail.com	unknown	2003-02-07	2017-01-30 11:29:18	2023-10-24 01:16:15	1.0 kB	371 B	35.209.101.88
www.benchmarkemail.com	130056	2003-02-07	2012-05-29 14:07:17	2024-02-15 14:58:44	924 B	5.7 kB	34.23.115.195
itenterprisereports.benchurl.com	unknown	2014-04-11	2023-09-07 02:27:41	2024-02-16 10:05:39	2.7 kB	37 kB	54.202.251.224
itenterprisereports.com	unknown	2023-02-16	2023-02-22 15:37:05	2024-02-16 10:01:52	962 B	1.0 MB	192.236.193.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-16	medium	benchurl.com	Sinkholed
2024-02-16	medium	benchurl.com	Sinkholed
2024-02-16	medium	benchurl.com	Sinkholed
2024-02-16	medium	benchurl.com	Sinkholed
2024-02-16	medium	benchurl.com	Sinkholed
2024-02-16	medium	benchurl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	itenterprisereports.benchurl.com/script/dhtmlwindow.js	ScriptElement	11 kB	2023-03-11	2025-05-14
Pretty URL itenterprisereports.benchurl.com/script/dhtmlwindow.js IP 52.41.29.199 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:49 Last Seen2025-05-14 00:52 Times Seen63 Hash ce9e9bf450062d813ba906a527209f63 d17cd855bf2051a546064279aec382e8ea7500c8 653680a1a4e09b8bba99ee744d3658cebf2f7b381ceb7ee4b0d75e7eb7a042bd Loading...

	itenterprisereports.benchurl.com/script/modal.js	ScriptElement	2.4 kB	2023-03-11	2025-05-14
Pretty URL itenterprisereports.benchurl.com/script/modal.js IP 52.41.29.199 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:49 Last Seen2025-05-14 00:52 Times Seen63 Hash e0322202de2c115dc4b5057213bae97e a0c60f357467c88893417718cb2de6861253b88a c80379082e346ad94e225e70dacbfd298ce4f9379c6cb6df1f8ef9989e64ee58 Loading...

	itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty URL itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ IP 54.202.251.224 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 09:32 Last Seen2024-08-20 09:32 Times Seen1 Hash adeabcffb6a4a86696e7de22ada667cc f6b060bbba90e3862663d21600d4f05d5754be22 cb6a9316b81c45217cec4189ec96692b2fc222725b8b1cc76ac5547e71ac4a50 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0e5d1f1d193271c55b2833e13430fd54	69 B	2023-03-09 05:43	2025-06-18 13:46
Pretty Observations First Seen2023-03-09 05:43 Last Seen2025-06-18 13:46 Times Seen222 Hash 0e5d1f1d193271c55b2833e13430fd54 9c4c7254031a9bdd19ac972bbe51c3437b686dd4 9b398394e337241b1c9759b9ae1827c481bf3b2b12df8040890d804c365b5d70 Loading...

	#2 Write - 5f5e2bd5449a44249512842e77933f44	26 B	2023-03-09 22:32	2025-06-18 13:46
Pretty Observations First Seen2023-03-09 22:32 Last Seen2025-06-18 13:46 Times Seen78 Hash 5f5e2bd5449a44249512842e77933f44 4e1bb9060dd8008a99678d5d887b5c6ad6171031 aafa77f5d8cc6eec821d7abd1fbb33d8039a02677a6aefbe4e31f3944ddfe685 Loading...

HTTP Transactions (12)

URL IP Response Size

itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

54.202.251.224

28 kB

URL User Request GET
itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
IP
54.202.251.224:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (809), with CR, LF line terminators
Size
28 kB (27911 bytes)
Hash
88386a176f987fa61f268be8944cd856
d754b090068fad203f77151db56e122c6215aa12
7fbf390d5ed1b9db6d3f4b591700cfabdef5e29af1d40afdce6c83f76be0d6b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: awselb/2.0
Date: Fri, 16 Feb 2024 09:37:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 27911
Connection: keep-alive

itenterprisereports.com/reports/img/Goldman-Logo2405.png

192.236.193.126

200 OK

10 kB

URL GET HTTP/2
itenterprisereports.com/reports/img/Goldman-Logo2405.png
IP
192.236.193.126:443
ASN
#54290 HOSTWINDS

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Certificate
IssuerSectigo Limited
Subjectwww.itenterprisereports.com
FingerprintE3:EF:70:E5:F6:47:EA:A5:C9:BD:BC:AD:E5:8A:CB:47:B7:ED:48:EA
ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 22 Feb 2024 23:59:59 GMT

File type
PNG image data, 445 x 80, 8-bit colormap, interlaced
Size
10 kB (10137 bytes)
Hash
d2e3a6995a1b324c4000eb705d9cb2e1
09c72584bd7b84b90d916816d530300bf16e0427
a07a08c4114d98d0b6ddc0c57376296ee5e9e2b13686e63a64c5f6b26491716d

HTTP Headers

GET /reports/img/Goldman-Logo2405.png HTTP/1.1
Host: itenterprisereports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: Apache-Coyote/1.1
accept-ranges: bytes
etag: W/"10137-1690206414461"
last-modified: Mon, 24 Jul 2023 13:46:54 GMT
content-type: image/png
content-length: 10137
date: Fri, 16 Feb 2024 09:37:40 GMT
X-Firefox-Spdy: h2

itenterprisereports.com/reports/img/GSAM-FINANCING16.png

192.236.193.126

200 OK

1.0 MB

URL GET HTTP/2
itenterprisereports.com/reports/img/GSAM-FINANCING16.png
IP
192.236.193.126:443
ASN
#54290 HOSTWINDS

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Certificate
IssuerSectigo Limited
Subjectwww.itenterprisereports.com
FingerprintE3:EF:70:E5:F6:47:EA:A5:C9:BD:BC:AD:E5:8A:CB:47:B7:ED:48:EA
ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 22 Feb 2024 23:59:59 GMT

File type
PNG image data, 961 x 534, 8-bit/color RGBA, non-interlaced
Size
1.0 MB (1027510 bytes)
Hash
70b52b1a762249529a6f6a9b085c05a9
ea8a035a40a0897c247265ee556297b2313a32ac
fc11f17231472e241b0daa944836add7ca707876dc6e4e7c9a70f16078b7c589

HTTP Headers

GET /reports/img/GSAM-FINANCING16.png HTTP/1.1
Host: itenterprisereports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: Apache-Coyote/1.1
accept-ranges: bytes
etag: W/"1027510-1697740800929"
last-modified: Thu, 19 Oct 2023 18:40:00 GMT
content-type: image/png
content-length: 1027510
date: Fri, 16 Feb 2024 09:37:40 GMT
X-Firefox-Spdy: h2

itenterprisereports.benchurl.com/script/dhtmlwindow.js

52.41.29.199

200 OK

4.1 kB

URL GET HTTP/1.1
itenterprisereports.benchurl.com/script/dhtmlwindow.js
IP
52.41.29.199:80
ASN
#16509 AMAZON-02

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

File type
JavaScript source, ASCII text, with very long lines (312), with CRLF line terminators
Size
4.1 kB (4110 bytes)
Hash
ce9e9bf450062d813ba906a527209f63
d17cd855bf2051a546064279aec382e8ea7500c8
653680a1a4e09b8bba99ee744d3658cebf2f7b381ceb7ee4b0d75e7eb7a042bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/dhtmlwindow.js HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 09:37:40 GMT
Content-Type: application/javascript
Content-Length: 4110
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 27 Aug 2012 11:27:52 GMT
Accept-Ranges: bytes
ETag: "2bf5fbfe4684cd1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-XSS-Protection: 0

itenterprisereports.benchurl.com/script/modal.js

52.41.29.199

200 OK

1.1 kB

URL GET HTTP/1.1
itenterprisereports.benchurl.com/script/modal.js
IP
52.41.29.199:80
ASN
#16509 AMAZON-02

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1149 bytes)
Hash
e0322202de2c115dc4b5057213bae97e
a0c60f357467c88893417718cb2de6861253b88a
c80379082e346ad94e225e70dacbfd298ce4f9379c6cb6df1f8ef9989e64ee58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/modal.js HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 09:37:40 GMT
Content-Type: application/javascript
Content-Length: 1149
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 07 May 2012 08:42:08 GMT
Accept-Ranges: bytes
ETag: "c7f098492d2ccd1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-XSS-Protection: 0

itenterprisereports.benchurl.com/style/dhtmlwindow.css

52.41.29.199

200 OK

561 B

URL GET HTTP/1.1
itenterprisereports.benchurl.com/style/dhtmlwindow.css
IP
52.41.29.199:80
ASN
#16509 AMAZON-02

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

File type
ASCII text, with CRLF line terminators
Size
561 B (561 bytes)
Hash
8456b8b8627ac184b1fbff0c04ac6ba6
cc7e4dd08e2d2035dd920401a3c8a8564d480095
5ab9b01f5411eb7bf4655e6f6cfa5f451126a52f0d392a9ce236cc850ddfd824

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style/dhtmlwindow.css HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 09:37:40 GMT
Content-Type: text/css
Content-Length: 561
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 21 Aug 2014 21:27:06 GMT
Accept-Ranges: bytes
ETag: "d51473a886bdcf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-XSS-Protection: 0

itenterprisereports.benchurl.com/style/modal.css

52.41.29.199

200 OK

367 B

URL GET HTTP/1.1
itenterprisereports.benchurl.com/style/modal.css
IP
52.41.29.199:80
ASN
#16509 AMAZON-02

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

File type
ASCII text, with CRLF line terminators
Size
367 B (367 bytes)
Hash
7e44fc85d6e520f72ea7bece1cec6a91
3b5ca848f2d6714ac6be661d5f072247c9eaa5df
beae63e087a54da21123981ab8f0cd044616a8d0efb6f1467454421fa753c67d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style/modal.css HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 09:37:40 GMT
Content-Type: text/css
Content-Length: 367
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 31 Jul 2014 18:39:35 GMT
Accept-Ranges: bytes
ETag: "1c3bcdc6eeaccf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-XSS-Protection: 0

improxy.benchmarkemail.com/http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt=

35.209.101.88

11 B

URL
improxy.benchmarkemail.com/http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt=
IP
35.209.101.88:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
11 B (11 bytes)
Hash
0f20529927c08aabe1338c32eb7b53c6
a618332102ecd60bf3a33baf31e4d1408d85bfee
2024e13236e21e66ce4ba0098c026ce31aea0420d544170c75865ec55d5dd1f6

HTTP Headers

GET /http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt= HTTP/1.1
Host: improxy.benchmarkemail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 500 Internal Server Error
Server: nginx/1.24.0
Date: Fri, 16 Feb 2024 09:37:41 GMT
Content-Type: text/html
Content-Length: 11
Connection: close
ETag: "5f4887a4-b"

www.benchmarkemail.com/images/verified.png

34.23.115.195

200 OK

1.5 kB

URL GET HTTP/2
www.benchmarkemail.com/images/verified.png
IP
34.23.115.195:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Certificate
IssuerLet's Encrypt
Subjectwww.benchmarkemail.com
FingerprintBE:C0:34:72:8D:C9:3A:36:E9:B8:37:08:6A:86:BC:F7:DF:13:81:BD
ValiditySun, 24 Dec 2023 14:25:19 GMT - Sat, 23 Mar 2024 14:25:18 GMT

File type
PNG image data, 99 x 20, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1473 bytes)
Hash
8c78d8954c8c67b92cb7bfb5b4c286c9
aabfa01f507a7badf7e1b7ae3ceebf8fd704f551
3db7d51e6b2c5d1c6bf5fa3f1adaa5f63b2436e75a0f83e9a085387f838f72d2

HTTP Headers

GET /images/verified.png HTTP/1.1
Host: www.benchmarkemail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 16 Feb 2024 09:37:41 GMT
content-type: image/png
content-length: 1473
last-modified: Sat, 20 May 2023 04:14:32 GMT
etag: "64684928-5c1"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

itenterprisereports.benchurl.com/images/favicon.png

52.41.29.199

200 OK

1.1 kB

URL GET HTTP/1.1
itenterprisereports.benchurl.com/images/favicon.png
IP
52.41.29.199:80
ASN
#16509 AMAZON-02

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
1.1 kB (1077 bytes)
Hash
98afef26b0752d4e1c796cd7e224d300
26e39cc4862b2955012e3912d1749392969f80e0
56339793ef6148fdf17378abccd5ac5b1714e3eb639a272919e3c34272d5da41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/favicon.png HTTP/1.1
Host: itenterprisereports.benchurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 09:37:41 GMT
Content-Type: image/png
Content-Length: 1077
Connection: keep-alive
Last-Modified: Mon, 04 Feb 2019 16:12:19 GMT
Accept-Ranges: bytes
ETag: "57dda267a4bcd41:0"
Server: Microsoft-IIS/10.0
X-XSS-Protection: 0

www.benchmarkemail.com/images/web4/misc/emailfooter/opt9.png

34.23.115.195

200 OK

3.5 kB

URL GET HTTP/2
www.benchmarkemail.com/images/web4/misc/emailfooter/opt9.png
IP
34.23.115.195:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Certificate
IssuerLet's Encrypt
Subjectwww.benchmarkemail.com
FingerprintBE:C0:34:72:8D:C9:3A:36:E9:B8:37:08:6A:86:BC:F7:DF:13:81:BD
ValiditySun, 24 Dec 2023 14:25:19 GMT - Sat, 23 Mar 2024 14:25:18 GMT

File type
PNG image data, 140 x 70, 8-bit/color RGBA, non-interlaced
Size
3.5 kB (3545 bytes)
Hash
29b026ca23d2a3dee84b02d5ca67b1c5
f24691601a9f9d04067db220ca4b6c16cab81ded
a73314e8dbc8d859a7cee330e54b60d49dc9f751e8714bbf12023c0f9f073a7a

HTTP Headers

GET /images/web4/misc/emailfooter/opt9.png HTTP/1.1
Host: www.benchmarkemail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 16 Feb 2024 09:37:41 GMT
content-type: image/png
content-length: 3545
last-modified: Sat, 20 May 2023 04:18:20 GMT
etag: "64684a0c-dd9"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

improxy.benchmarkemail.com/http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt=

35.209.101.88

500 Internal Server Error

0 B

URL GET HTTP/1.1
improxy.benchmarkemail.com/http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt=
IP
35.209.101.88:443
ASN
#15169 GOOGLE

Requested by
http://itenterprisereports.benchurl.com/c/v?e=179E93D&c=158782&t=0&l=EA2AC881&email=nHfXyng6eSRnjzxkNpxM/e0fTKmA9KFQ
Certificate
IssuerLet's Encrypt
Subject*.benchmarkemail.com
Fingerprint9C:C5:74:E2:15:34:89:35:84:0E:89:20:8E:3A:05:14:3D:C4:84:92
ValidityWed, 13 Dec 2023 22:33:13 GMT - Tue, 12 Mar 2024 22:33:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /http://demandtechreports.com/ClientData?email=&campaignId=Cloudflare%20Q2%27%20alt= HTTP/1.1
Host: improxy.benchmarkemail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://itenterprisereports.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 500 Internal Server Error
Server: nginx/1.24.0
Date: Fri, 16 Feb 2024 09:37:41 GMT
Content-Type: text/html
Content-Length: 11
Connection: close
ETag: "5f4887a4-b"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type