Report - hyddns.actcorp.in/.hta

Report Overview

Visitedpublic

2024-08-28 06:40:15

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-27 18:12:09	1.3 kB	3.5 kB	23.36.77.32
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-27 18:12:12	981 B	2.7 kB	23.36.76.226
hyddns.actcorp.in	unknown	2014-06-03	2023-08-23 16:12:44	2023-08-23 16:12:44	741 B	842 B	49.205.171.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-28 06:39:51	medium	Client IP	49.205.171.194	ET POLICY Possible HTA Application Download

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen13234

Size504 B (504 bytes)

MD5a5c8e602d1c34dad6d2bf031b1922353

SHA15326666dceb77fd224fb1b5d8ab3eeeee07cea4d

SHA2568d2071964c9d8a7e8e5e0c36bc5d82199123ce55059a79ffede86b59a9cb8db5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8D2071964C9D8A7E8E5E0C36BC5D82199123CE55059A79FFEDE86B59A9CB8DB5"
Last-Modified: Mon, 26 Aug 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7752
Expires: Wed, 28 Aug 2024 08:49:02 GMT
Date: Wed, 28 Aug 2024 06:39:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen20149

Size504 B (504 bytes)

MD535888f142e8c995a2a992b24009a2cee

SHA18315b1d92f868af492e04ea1d0846ee9fc0328e7

SHA2565a2f5a87f6408bbc11020231759db8eeb24c28c0890da8f3ee2565d87b0e1e4c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5A2F5A87F6408BBC11020231759DB8EEB24C28C0890DA8F3EE2565D87B0E1E4C"
Last-Modified: Mon, 26 Aug 2024 02:36:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11661
Expires: Wed, 28 Aug 2024 09:54:11 GMT
Date: Wed, 28 Aug 2024 06:39:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen17376

Size504 B (504 bytes)

MD53c415be21fd13680f4c76a79399af82e

SHA1cc6afc7d2b2fd8451b793b01435087409e677f4c

SHA2565385c52f0502864e92da08547aefa7ce05ec21ff081c7413ce54723f3ab73303

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5385C52F0502864E92DA08547AEFA7CE05EC21FF081C7413CE54723F3AB73303"
Last-Modified: Mon, 26 Aug 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6107
Expires: Wed, 28 Aug 2024 08:21:37 GMT
Date: Wed, 28 Aug 2024 06:39:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen23723

Size504 B (504 bytes)

MD5b0c68ac7e44a67b94268231c5f22ae25

SHA1a0c078abb7617e9b0ac402a24969ea22e024cf18

SHA256671ca341e73bd97fda1d098560ab338b45fbff67a5d85b47685273850d55e587

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "671CA341E73BD97FDA1D098560AB338B45FBFF67A5D85B47685273850D55E587"
Last-Modified: Mon, 26 Aug 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3673
Expires: Wed, 28 Aug 2024 07:41:03 GMT
Date: Wed, 28 Aug 2024 06:39:50 GMT
Connection: keep-alive

GET hyddns.actcorp.in/.hta

49.205.171.194

206 B

URL User Request GET HTTP

hyddns.actcorp.in/.hta

IP / ASN

49.205.171.194

#18209 Atria Convergence Technologies pvt ltd

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2024-08-29

Last Seen2024-08-29

Times Seen1

Size206 B (206 bytes)

MD5aaff95ed13662e2dd827d853ebe91625

SHA1335eb407c4d2c78c54a16998de9ddc8ecbebe0bc

SHA256d65101b540166863829fce9cfacb0bf211d399b2bbfe981fda79d309afee5435

Detections

Analyzer	Verdict	Alert
suricata	medium	ET POLICY Possible HTA Application Download

HTTP Headers

GET /.hta HTTP/1.1
Host: hyddns.actcorp.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 28 Aug 2024 06:39:51 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 206
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET hyddns.actcorp.in/favicon.ico

49.205.171.194

404 Not Found

209 B

URL GET HTTP

hyddns.actcorp.in/favicon.ico

IP / ASN

49.205.171.194

#18209 Atria Convergence Technologies pvt ltd

Requested byhttp://hyddns.actcorp.in/.hta

Resource Info

File typeHTML document, ASCII text

First Seen2023-04-05

Last Seen2025-08-06

Times Seen24275

Size209 B (209 bytes)

MD518ffb59b61525f781cf9251045be575d

SHA1bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d

SHA256b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hyddns.actcorp.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hyddns.actcorp.in/.hta
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 28 Aug 2024 06:39:51 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 209
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r11.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen16518

Size504 B (504 bytes)

MD50192c7488a56c1b9f50decbbc7c6e924

SHA17ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec

SHA256571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167"
Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8350
Expires: Wed, 28 Aug 2024 08:59:02 GMT
Date: Wed, 28 Aug 2024 06:39:52 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen16518

Size504 B (504 bytes)

MD50192c7488a56c1b9f50decbbc7c6e924

SHA17ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec

SHA256571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167"
Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8350
Expires: Wed, 28 Aug 2024 08:59:02 GMT
Date: Wed, 28 Aug 2024 06:39:52 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-26

Last Seen2024-08-29

Times Seen16518

Size504 B (504 bytes)

MD50192c7488a56c1b9f50decbbc7c6e924

SHA17ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec

SHA256571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167"
Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8350
Expires: Wed, 28 Aug 2024 08:59:02 GMT
Date: Wed, 28 Aug 2024 06:39:52 GMT
Connection: keep-alive