Report - likes.giize.com/

Report Overview

Visited public
2024-05-23 02:06:23
Tags
URL
likes.giize.com/
Finishing URL
href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=
IP / ASN
95.47.161.64
#12722 RECONN LLC
Title
href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
href.li	36866	unknown	2012-05-22 14:39:06	2024-05-19 22:07:52	1.1 kB	13 kB	192.0.78.26
likes.giize.com	unknown	2017-01-14	2024-04-04 07:47:37	2024-04-05 09:19:38	386 B	1.2 kB	95.47.161.64

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-23 02:05:57	low	Client IP	95.47.161.64	ET INFO Observed DYNAMIC_DNS Domain (giize .com in TLS SNI)
2024-05-23 02:05:57	low	Client IP	95.47.161.64	ET INFO Observed DYNAMIC_DNS Domain (giize .com in TLS SNI)
2024-05-23 02:05:58	medium	Client IP	95.47.161.64	ET INFO DYNAMIC_DNS HTTP Request to a *.giize .com Domain
2024-05-23 02:05:58	medium	Client IP	95.47.161.64	ET INFO DYNAMIC_DNS HTTP Request to a *.giize .com Domain
2024-05-23 02:05:58	low	Client IP	192.0.78.26	ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)
2024-05-23 02:05:58	low	Client IP	192.0.78.26	ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)
2024-05-23 02:06:08	high	95.47.161.64	Client IP	ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer
2024-05-23 02:06:08	high	95.47.161.64	Client IP	ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-23	medium	likes.giize.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

likes.giize.com/

95.47.161.64

302 Found

653 B

URL User Request GET HTTP/1.1
likes.giize.com/
IP
95.47.161.64:80
ASN
#12722 RECONN LLC

File type
HTML document, ASCII text, with very long lines (643)
Size
653 B (653 bytes)
Hash
3a87f0e1308602daa1d0fb0a16526d09
2089706b5a53a3cb947f67081831e1f83bfd1bc1
2399e6f07cb0bb9dce8cdfdea7faf281385638da0bad6fb4a0baa55fbd6041f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.giize .com Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.giize .com Domain
suricata	high	ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer
suricata	high	ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer

HTTP Headers

GET / HTTP/1.1
Host: likes.giize.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Thu, 23 May 2024 02:05:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: bhit=0; expires=Sat, 25-May-2024 02:05:58 GMT
intm=1716429958; expires=Sat, 25-May-2024 02:05:58 GMT
refer=noref; expires=Sat, 25-May-2024 02:05:58 GMT
noref=visited; expires=Sat, 25-May-2024 02:05:58 GMT
page=main; expires=Sat, 25-May-2024 02:05:58 GMT
Location: https://href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=

href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=

192.0.78.26

403 Forbidden

10 kB

URL User Request GET HTTP/2
href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=
IP
192.0.78.26:443
ASN
#2635 AUTOMATTIC

Certificate
IssuerLet's Encrypt
Subjecttls.automattic.com
FingerprintB3:3A:A0:5F:B0:25:9D:4B:18:87:25:4F:9C:50:76:C2:30:4A:61:34
ValidityMon, 06 May 2024 01:30:15 GMT - Sun, 04 Aug 2024 01:30:14 GMT

File type
ASCII text, with no line terminators
Size
10 kB (10348 bytes)
Hash
93284910166fc0538e6849463239921f
e79238cfd7c1f2051e469afaed4dfba811b494ea
8310b5e00816dd335b76204f7ebae1379d0796c3174c1ce0da785d6da8aa4698

HTTP Headers

GET /?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2= HTTP/1.1
Host: href.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx
date: Thu, 23 May 2024 02:05:58 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: br
x-ac: 3.arn _dca MISS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

href.li/favicon.ico

192.0.78.26

200 OK

1.9 kB

URL GET HTTP/3
href.li/favicon.ico
IP
192.0.78.26:443
ASN
#2635 AUTOMATTIC

Requested by
https://href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=
Certificate
IssuerLet's Encrypt
Subjecttls.automattic.com
FingerprintB3:3A:A0:5F:B0:25:9D:4B:18:87:25:4F:9C:50:76:C2:30:4A:61:34
ValidityMon, 06 May 2024 01:30:15 GMT - Sun, 04 Aug 2024 01:30:14 GMT

File type
HTML document, ASCII text, with very long lines (2000), with no line terminators
Size
1.9 kB (1883 bytes)
Hash
3d265ab70e3e12cd59e7090713062631
3ae861f4b3e6a63de8b08c1a1105caf5185fbf28
e7642d7683bf04e128a7b16ef4c7980aed3a2ca4600ba1b4a39ae6f6e3fb7760

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: href.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://href.li/?https://woneyn.com/porno-archive?h=waWQiOjEwNjI0NjIsInNpZCI6MTM0NjQ4OSwid2lkIjo1NzA3ODUsInNyYyI6Mn0=eyJ&si1=&si2=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 23 May 2024 02:05:58 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nc: HIT dca 165
content-encoding: br
x-ac: 3.arn _dca MISS
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers