Report - 45.54.28.11

Report Overview

Submitted URL
45.54.28.11
IP
45.54.28.11
ASN
#64089 DNSFilter, Inc.
Submitted
2024-05-07 06:12:00
Access
public
Website Title
Domain Blocked
Final URL
45.54.28.11/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
45.54.28.11	unknown	unknown	No data	No data	1.5 kB	3.7 kB	45.54.28.11
blockedv2.dnsfilter.com	unknown	2004-02-22	2023-01-31	2024-01-04	1.3 kB	339 kB	45.54.28.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	45.54.28.11	Sinkholed
2024-05-07	medium	45.54.28.11	Sinkholed
2024-05-07	medium	45.54.28.11	Sinkholed
2024-05-07	medium	45.54.28.11	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	blockedv2.dnsfilter.com/index.js	884 kB	2023-11-16	2024-05-07
Pretty URL blockedv2.dnsfilter.com/index.js IP 45.54.28.10 ASN #64089 DNSFilter, Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 23:17:17 Last Seen2024-05-07 08:12:06 Times Seen3 Hash 86b25e79026376e4b2b0475210416467 dd65d1f752287c689cdb4d9cbbffa12de7a30f6d 61af3e6060ad93c395a96d1d1e1a42549031e9687d2b55628c08b1281d0467ef Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-19
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-19 09:38:00 Times Seen353078 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

HTTP Transactions (7)

URL IP Response Size

45.54.28.11/

45.54.28.11

200 OK

496 B

URL User Request GET HTTP/1.1
45.54.28.11/
IP
45.54.28.11:80
ASN
#64089 DNSFilter, Inc.

File type
HTML document, ASCII text
Size
496 B (496 bytes)
Hash
7c1fcd143ad4b3d589f9cf8a6ee01a9e
8b8d174492241a84aac5c4a642b778f1e3ace032
4b9f653c59357636012b7a055af1e7f53771a00db422e5b77645f19d1adf7de7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 45.54.28.11
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Content-Length: 496
Content-Type: text/html; charset=utf-8
Date: Tue, 07 May 2024 06:11:35 GMT
Etag: W/"1f0-i40XRJIkGoSqxcSmQrd48eOs4DI"
Expires: 0
Host: 45.54.28.11
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15724800; includeSubdomains
Surrogate-Control: no-store
X-Api-Url: https://api.dnsfilter.com
X-App-Url: https://blockedv2.dnsfilter.com
X-Deployment-Type: undefined
X-Ip-Address: 91.90.42.154
X-Page-Type: blocked

45.54.28.11/

45.54.28.11

200 OK

496 B

URL User Request GET HTTP/1.1
45.54.28.11/
IP
45.54.28.11:80
ASN
#64089 DNSFilter, Inc.

File type
HTML document, ASCII text
Size
496 B (496 bytes)
Hash
7c1fcd143ad4b3d589f9cf8a6ee01a9e
8b8d174492241a84aac5c4a642b778f1e3ace032
4b9f653c59357636012b7a055af1e7f53771a00db422e5b77645f19d1adf7de7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 45.54.28.11
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://45.54.28.11/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Content-Length: 496
Content-Type: text/html; charset=utf-8
Date: Tue, 07 May 2024 06:11:35 GMT
Etag: W/"1f0-i40XRJIkGoSqxcSmQrd48eOs4DI"
Expires: 0
Host: 45.54.28.11
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15724800; includeSubdomains
Surrogate-Control: no-store
X-Api-Url: https://api.dnsfilter.com
X-App-Url: https://blockedv2.dnsfilter.com
X-Deployment-Type: undefined
X-Ip-Address: 91.90.42.154
X-Page-Type: blocked

blockedv2.dnsfilter.com/97493d3f11c0a3bd5cbd959f5d19b699.woff2

45.54.28.10

200 OK

57 kB

URL GET HTTP/2
blockedv2.dnsfilter.com/97493d3f11c0a3bd5cbd959f5d19b699.woff2
IP
45.54.28.10:443
ASN
#64089 DNSFilter, Inc.

Requested by
http://45.54.28.11/
Certificate
IssuerLet's Encrypt
Subjectblockedv2.dnsfilter.com
FingerprintB1:04:3C:F2:64:AE:F8:AC:73:80:3B:2E:86:A4:EB:D5:D9:2D:60:6B
ValiditySat, 16 Mar 2024 02:11:38 GMT - Fri, 14 Jun 2024 02:11:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197
Size
57 kB (56780 bytes)
Hash
97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

HTTP Headers

GET /97493d3f11c0a3bd5cbd959f5d19b699.woff2 HTTP/1.1
Host: blockedv2.dnsfilter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://45.54.28.11
DNT: 1
Connection: keep-alive
Referer: https://blockedv2.dnsfilter.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 06:11:36 GMT
content-type: text/css; charset=utf-8
content-length: 56780
vary: Accept-Encoding
access-control-allow-origin: *
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
accept-ranges: bytes
last-modified: Tue, 10 Oct 2023 13:08:34 GMT
etag: W/"ddcc-18b19b416f9"
strict-transport-security: max-age=15724800; includeSubdomains
X-Firefox-Spdy: h2

45.54.28.11/favicon.ico

45.54.28.11

200 OK

496 B

URL GET HTTP/1.1
45.54.28.11/favicon.ico
IP
45.54.28.11:80
ASN
#64089 DNSFilter, Inc.

Requested by
http://45.54.28.11/

File type
HTML document, ASCII text
Size
496 B (496 bytes)
Hash
7c1fcd143ad4b3d589f9cf8a6ee01a9e
8b8d174492241a84aac5c4a642b778f1e3ace032
4b9f653c59357636012b7a055af1e7f53771a00db422e5b77645f19d1adf7de7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 45.54.28.11
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://45.54.28.11/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Content-Length: 496
Content-Type: text/html; charset=utf-8
Date: Tue, 07 May 2024 06:11:36 GMT
Etag: W/"1f0-i40XRJIkGoSqxcSmQrd48eOs4DI"
Expires: 0
Host: 45.54.28.11
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15724800; includeSubdomains
Surrogate-Control: no-store
X-Api-Url: https://api.dnsfilter.com
X-App-Url: https://blockedv2.dnsfilter.com
X-Deployment-Type: undefined
X-Ip-Address: 91.90.42.154
X-Page-Type: blocked

blockedv2.dnsfilter.com/index.js

45.54.28.10

200 OK

243 kB

URL GET HTTP/2
blockedv2.dnsfilter.com/index.js
IP
45.54.28.10:443
ASN
#64089 DNSFilter, Inc.

Requested by
http://45.54.28.11/
Certificate
IssuerLet's Encrypt
Subjectblockedv2.dnsfilter.com
FingerprintB1:04:3C:F2:64:AE:F8:AC:73:80:3B:2E:86:A4:EB:D5:D9:2D:60:6B
ValiditySat, 16 Mar 2024 02:11:38 GMT - Fri, 14 Jun 2024 02:11:37 GMT

File type
gzip compressed data, from Unix
Size
243 kB (242881 bytes)
Hash
2c367b9dbf3fac1108b3f1191e881016
d8f2560a414608baa9189d781aba60c01116dbbf
098ab3ef42b58734a7e9b07a63fd7269543859516be068c8732d2fef568a95b6

HTTP Headers

GET /index.js HTTP/1.1
Host: blockedv2.dnsfilter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://45.54.28.11/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 06:11:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
last-modified: Tue, 10 Oct 2023 13:08:34 GMT
etag: W/"d7ef3-18b19b416f9"
strict-transport-security: max-age=15724800; includeSubdomains
content-encoding: gzip
X-Firefox-Spdy: h2

blockedv2.dnsfilter.com/main.css

45.54.28.10

200 OK

38 kB

URL GET HTTP/2
blockedv2.dnsfilter.com/main.css
IP
45.54.28.10:443
ASN
#64089 DNSFilter, Inc.

Requested by
http://45.54.28.11/
Certificate
IssuerLet's Encrypt
Subjectblockedv2.dnsfilter.com
FingerprintB1:04:3C:F2:64:AE:F8:AC:73:80:3B:2E:86:A4:EB:D5:D9:2D:60:6B
ValiditySat, 16 Mar 2024 02:11:38 GMT - Fri, 14 Jun 2024 02:11:37 GMT

File type
gzip compressed data, from Unix
Size
38 kB (38084 bytes)
Hash
b275bc1e6177a3d943889f374be9d7e0
7bd5032582bae11677f6ed8088bfe6bb12459494
c864a102a47065341defaab1b0083facf11e9555a3ab8d73363ba22946c569da

HTTP Headers

GET /main.css HTTP/1.1
Host: blockedv2.dnsfilter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://45.54.28.11/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 06:11:35 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
last-modified: Tue, 10 Oct 2023 13:08:34 GMT
etag: W/"30e1b-18b19b416f9"
strict-transport-security: max-age=15724800; includeSubdomains
content-encoding: gzip
X-Firefox-Spdy: h2

45.54.28.11/lookup?fqdn=45.54.28.11&block_date_time=2024-05-07T06:11:36.016Z&default_locale=true

45.54.28.11

200 OK

29 B

URL GET HTTP/1.1
45.54.28.11/lookup?fqdn=45.54.28.11&block_date_time=2024-05-07T06:11:36.016Z&default_locale=true
IP
45.54.28.11:80
ASN
#64089 DNSFilter, Inc.

Requested by
http://45.54.28.11/

File type
JSON text data
Size
29 B (29 bytes)
Hash
a126d361104725258d1e001dea35f715
dfa1deb516fd99174d5c8ee961eaaf0b2bf2a0c8
4e02999759fd7db51930c8e976d6836859d7831ec0d703557b43d011398c1031

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lookup?fqdn=45.54.28.11&block_date_time=2024-05-07T06:11:36.016Z&default_locale=true HTTP/1.1
Host: 45.54.28.11
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://45.54.28.11/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Content-Length: 29
Content-Type: application/json; charset=utf-8
Date: Tue, 07 May 2024 06:11:36 GMT
Etag: W/"1d-36HetRb9mRdNXI7pYeqvCyvyoMg"
Expires: 0
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15724800; includeSubdomains
Surrogate-Control: no-store

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2