Report - 170.64.175.16/

Report Overview

Submitted URL
170.64.175.16/
IP
170.64.175.16
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-05-07 22:23:37
Access
public
Website Title
Klik99 | Link Alternatif Klik99 | Login Klik 99
Final URL
170.64.175.16/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.ampproject.org	329	2015-08-31	2015-10-09	2024-05-06	2.7 kB	105 kB	216.58.207.193
170.64.175.16	unknown	unknown	2024-02-13	2024-02-13	1.7 kB	336 kB	170.64.175.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	170.64.175.16	Sinkholed
2024-05-07	medium	170.64.175.16	Sinkholed
2024-05-07	medium	170.64.175.16	Sinkholed
2024-05-07	medium	170.64.175.16	Sinkholed
2024-05-07	medium	170.64.175.16	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	cdn.ampproject.org/v0/amp-carousel-0.1.mjs	34 kB	2024-05-04	2024-05-08
Pretty URL cdn.ampproject.org/v0/amp-carousel-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:09:33 Last Seen2024-05-08 06:05:35 Times Seen6 Hash 1c475333ad86aa3ff828dd8672cb38c2 201e834dc9bbe1fd98ceab751646c5b59b6cae68 72ca3b368dcf6efa96167bd739647957c50cabb81e7b13fcc5e620ddbdc9dfb5 Loading...

	cdn.ampproject.org/v0/amp-youtube-0.1.mjs	32 kB	2024-05-04	2024-05-08
Pretty URL cdn.ampproject.org/v0/amp-youtube-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:09:33 Last Seen2024-05-08 06:05:35 Times Seen6 Hash 338f773d5b22b91be82fcaffa1672317 f06c08885a5a2bc12328b738d627bbd6f389d6e2 c3abc5a9da59432e44f387f43796348b14e3af2819dc81129d6c4355a97241dd Loading...

	cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs	6.6 kB	2024-05-04	2024-05-08
Pretty URL cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:09:33 Last Seen2024-05-08 06:05:35 Times Seen6 Hash fdb0b646cb3c94506df758143e752238 de59114e64326979b48685746b7ca6694e919173 6e4268c440ac490c2878275028d788d73643b4c9a8c379973f7c500618e966f5 Loading...

	cdn.ampproject.org/v0.mjs	228 kB	2024-05-01	2024-05-08
Pretty URL cdn.ampproject.org/v0.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:50:05 Last Seen2024-05-08 08:30:03 Times Seen19 Hash 6d191203ef60710cac04b5f62cec68eb 81ae21d54e0403173ac0d0aca137e6cce61d8f17 0d4bbdab97e43b27341632a25fdf45e78602b68e4603f714d2b1c21d367eb840 Loading...

	cdn.ampproject.org/v0/amp-accordion-0.1.mjs	14 kB	2024-05-04	2024-05-08
Pretty URL cdn.ampproject.org/v0/amp-accordion-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:09:33 Last Seen2024-05-08 06:05:35 Times Seen6 Hash 36a8ba42dd9d5155c36db809e345d377 7f6a1afd59c296d3b7f28091cb41ea16730c9e34 9ee4efb31ecb04a10d60daa45fb06341700fc93d84a793082525f57b19a4ffc2 Loading...

	cdn.ampproject.org/rtv/012404181825000/v0/amp-loader-0.1.mjs	12 kB	2024-05-02	2024-05-08
Pretty URL cdn.ampproject.org/rtv/012404181825000/v0/amp-loader-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 22:43:00 Last Seen2024-05-08 08:30:03 Times Seen11 Hash 76c8ff0749479405c16003591bb45a2c 61f43db436fae1f08069464c4039f7c6b478a7fb 1ab2942e015a02e74d7d72f90bf1a07b1b361cf52f704df2ff7b66611b913fd4 Loading...

HTTP Transactions (11)

URL IP Response Size

170.64.175.16/

170.64.175.16

200 OK

11 kB

URL User Request GET HTTP/1.1
170.64.175.16/
IP
170.64.175.16:80
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
11 kB (11184 bytes)
Hash
f61fe881aebd14488805045572e506a1
2f463ea9e66d5a3f4a8de2660ea913193089ca41
4f521f81ba7165d9a04d5f687ec024859551e930039d1906d167905f2b701a08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 170.64.175.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 May 2024 22:23:12 GMT
Content-Type: text/html
Last-Modified: Fri, 12 Apr 2024 09:22:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6618fd61-f06c"
Content-Encoding: gzip

cdn.ampproject.org/v0/amp-carousel-0.1.mjs

216.58.207.193

200 OK

10 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-carousel-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33361)
Size
10 kB (10085 bytes)
Hash
1c475333ad86aa3ff828dd8672cb38c2
201e834dc9bbe1fd98ceab751646c5b59b6cae68
72ca3b368dcf6efa96167bd739647957c50cabb81e7b13fcc5e620ddbdc9dfb5

HTTP Headers

GET /v0/amp-carousel-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 10085
date: Tue, 07 May 2024 22:23:13 GMT
expires: Tue, 07 May 2024 22:23:13 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "d09c750934eeb6e1"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-youtube-0.1.mjs

216.58.207.193

200 OK

10 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-youtube-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (31465)
Size
10 kB (10330 bytes)
Hash
338f773d5b22b91be82fcaffa1672317
f06c08885a5a2bc12328b738d627bbd6f389d6e2
c3abc5a9da59432e44f387f43796348b14e3af2819dc81129d6c4355a97241dd

HTTP Headers

GET /v0/amp-youtube-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 10330
date: Tue, 07 May 2024 22:23:13 GMT
expires: Tue, 07 May 2024 22:23:13 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "900fecbbb60706d0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs

216.58.207.193

200 OK

2.4 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (6424)
Size
2.4 kB (2371 bytes)
Hash
fdb0b646cb3c94506df758143e752238
de59114e64326979b48685746b7ca6694e919173
6e4268c440ac490c2878275028d788d73643b4c9a8c379973f7c500618e966f5

HTTP Headers

GET /v0/amp-install-serviceworker-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2371
date: Tue, 07 May 2024 22:23:13 GMT
expires: Tue, 07 May 2024 22:23:13 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "5ac07e3b764cc0c8"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-accordion-0.1.mjs

216.58.207.193

200 OK

4.9 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-accordion-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (14003)
Size
4.9 kB (4860 bytes)
Hash
36a8ba42dd9d5155c36db809e345d377
7f6a1afd59c296d3b7f28091cb41ea16730c9e34
9ee4efb31ecb04a10d60daa45fb06341700fc93d84a793082525f57b19a4ffc2

HTTP Headers

GET /v0/amp-accordion-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 4860
date: Tue, 07 May 2024 22:23:13 GMT
expires: Tue, 07 May 2024 22:23:13 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "9f128eae6784bb01"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0.mjs

216.58.207.193

200 OK

64 kB

URL GET HTTP/2
cdn.ampproject.org/v0.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64648)
Size
64 kB (63633 bytes)
Hash
6d191203ef60710cac04b5f62cec68eb
81ae21d54e0403173ac0d0aca137e6cce61d8f17
0d4bbdab97e43b27341632a25fdf45e78602b68e4603f714d2b1c21d367eb840

HTTP Headers

GET /v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 63633
date: Tue, 07 May 2024 22:23:13 GMT
expires: Tue, 07 May 2024 22:23:13 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "f7ebac4fea03da2e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

170.64.175.16/logo.png

170.64.175.16

200 OK

4.7 kB

URL GET HTTP/1.1
170.64.175.16/logo.png
IP
170.64.175.16:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://170.64.175.16/

File type
PNG image data, 230 x 53, 8-bit/color RGBA, non-interlaced
Size
4.7 kB (4679 bytes)
Hash
e9923fcc38f32db5a17d7f0a04ddcec2
bcce6761cefe7f7df01c0542bfcccb525f57732c
de3b0248bf28b849fda538e314fb483813864645b860e25eed2dffdac6754bd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo.png HTTP/1.1
Host: 170.64.175.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 May 2024 22:23:13 GMT
Content-Type: image/png
Content-Length: 4679
Last-Modified: Tue, 26 Mar 2024 09:53:02 GMT
Connection: keep-alive
ETag: "66029afe-1247"
Accept-Ranges: bytes

170.64.175.16/klik99-promotion.webp

170.64.175.16

200 OK

53 kB

URL GET HTTP/1.1
170.64.175.16/klik99-promotion.webp
IP
170.64.175.16:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://170.64.175.16/

File type
RIFF (little-endian) data, Web/P image
Size
53 kB (52756 bytes)
Hash
14453b9c33608d8bdd907259014cf29d
f7f22c3b74eb3248ac07589f692456e58a38f38f
077404a1cccdde93bdc57366f88ce1a815e1d1025914cc59e6bbbbad642ba46c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /klik99-promotion.webp HTTP/1.1
Host: 170.64.175.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 May 2024 22:23:13 GMT
Content-Type: image/webp
Content-Length: 52756
Last-Modified: Mon, 08 Apr 2024 13:50:46 GMT
Connection: keep-alive
ETag: "6613f636-ce14"
Accept-Ranges: bytes

cdn.ampproject.org/rtv/012404181825000/v0/amp-loader-0.1.mjs

216.58.207.193

200 OK

3.9 kB

URL GET HTTP/2
cdn.ampproject.org/rtv/012404181825000/v0/amp-loader-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
http://170.64.175.16/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (12245)
Size
3.9 kB (3928 bytes)
Hash
76c8ff0749479405c16003591bb45a2c
61f43db436fae1f08069464c4039f7c6b478a7fb
1ab2942e015a02e74d7d72f90bf1a07b1b361cf52f704df2ff7b66611b913fd4

HTTP Headers

GET /rtv/012404181825000/v0/amp-loader-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://170.64.175.16
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 3928
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:15:25 GMT
expires: Fri, 02 May 2025 02:15:25 GMT
cache-control: public, max-age=31536000
etag: "65bda207504b08af"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 504469
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

170.64.175.16/favicon.ico

170.64.175.16

200 OK

4.4 kB

URL GET HTTP/1.1
170.64.175.16/favicon.ico
IP
170.64.175.16:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://170.64.175.16/

File type
RIFF (little-endian) data, Web/P image
Size
4.4 kB (4404 bytes)
Hash
1509600493ecb5e3e301ae20f000c496
3ab6b6a16c49d0b8de9168570d2c0937678fe707
7cf0a95602410af9ae8a94cc80457ade787b999924da30545279c4bf01b04026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 170.64.175.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 May 2024 22:23:14 GMT
Content-Type: image/x-icon
Content-Length: 4404
Last-Modified: Tue, 26 Mar 2024 09:52:48 GMT
Connection: keep-alive
ETag: "66029af0-1134"
Accept-Ranges: bytes

170.64.175.16/klik99.gif

170.64.175.16

200 OK

262 kB

URL GET HTTP/1.1
170.64.175.16/klik99.gif
IP
170.64.175.16:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://170.64.175.16/

File type
GIF image data, version 89a, 720 x 89
Size
262 kB (262128 bytes)
Hash
993d381a4293f9ed060b2e9f5f551d6f
867d16ca1faa6ef362dd60717220e45b2272fd80
16c27719f5f909383de2ae6bda64fff8f48654dc84ebf00aa2f170b01f262087

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /klik99.gif HTTP/1.1
Host: 170.64.175.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://170.64.175.16/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 May 2024 22:23:14 GMT
Content-Type: image/gif
Content-Length: 262128
Last-Modified: Fri, 29 Mar 2024 09:29:50 GMT
Connection: keep-alive
ETag: "66068a0e-3fff0"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN