Report - 87.245.16.139:8080/

Report Overview

Submitted URL
87.245.16.139:8080/
IP
87.245.16.139
ASN
#9145 EWE-Tel GmbH
Submitted
2024-05-07 06:09:34
Access
public
Website Title
87.245.16.139:8080/
Final URL
87.245.16.139:8080/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
87.245.16.139:8080	unknown	unknown	No data	No data	3.8 kB	224 kB	87.245.16.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed
2024-05-07	medium	87.245.16.139	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	87.245.16.139:8080/	0 B	2023-03-07	2024-05-19
Pretty URL 87.245.16.139:8080/ IP 87.245.16.139 ASN #9145 EWE-Tel GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 11:11:42 Times Seen37823812 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	87.245.16.139:8080/scripts/all.js	192 kB	2024-05-02	2024-05-07
Pretty URL 87.245.16.139:8080/scripts/all.js IP 87.245.16.139 ASN #9145 EWE-Tel GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 08:00:54 Last Seen2024-05-07 08:09:41 Times Seen2 Hash d681a32a493c9a49cfe675310023cda2 0672142ea0ca745b1f9873aa02577e4c4a60aed9 5e417dfd49097e0fdc641cf6251834461b5e30d537fdf637083064e61396c346 Loading...

	unknown	23 B	2024-05-02	2024-05-07
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-05-02 08:00:54 Last Seen2024-05-07 08:09:41 Times Seen2 Hash d7a1d9a516f49987ad86067e4b408c21 25cd637e09eb3d3ee5a89ee214780151f0ff976b 72d8dfa33de38b0c4084ea794d819e81774bd7a90e51a7a339a3757e46db43dc Loading...

		Size	First Seen	Last Seen
	#1 Write - 15f7f4810f946a4a6a9f40f714c1f87a	28 B	2023-03-10	2024-05-07
Pretty Observations First Seen2023-03-10 10:28:19 Last Seen2024-05-07 08:09:41 Times Seen3 Hash 15f7f4810f946a4a6a9f40f714c1f87a 1981fd0d30cf29a251e304acadb06a905e8c74df a629a6882bdb66669e87e34fad373f2d636dc60e1de255d8eb849075317c1510 Loading...

	#2 Write - fa319feb9f326072811c5ad690cdd500	9 B	2023-03-07	2024-05-16
Pretty Observations First Seen2023-03-07 18:03:45 Last Seen2024-05-16 23:38:45 Times Seen86 Hash fa319feb9f326072811c5ad690cdd500 0a54f8cea3c349cbecbedd239a6112d44ada4edc 4b9004514dd8bb5287b58e385ae3872bb9ee7c89e61c0c5fe1ab850fea565a57 Loading...

	#3 Write - bf85b0e79e379a8217f3f1313e7a8d55	24 B	2023-03-07	2024-05-16
Pretty Observations First Seen2023-03-07 12:22:15 Last Seen2024-05-16 23:38:51 Times Seen208 Hash bf85b0e79e379a8217f3f1313e7a8d55 e9eb3ff362fba5650c6dc34a117b815724b488ef ee78225a758305bcc45054473598f32a25e45254ee1068931e8784aeec984a03 Loading...

HTTP Transactions (10)

URL IP Response Size

87.245.16.139:8080/styles/firefox.css

87.245.16.139

200 OK

1.4 kB

URL GET HTTP/1.0
87.245.16.139:8080/styles/firefox.css
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
gzip compressed data, max compression, from NTFS filesystem (NT)
Size
1.4 kB (1395 bytes)
Hash
1b636d9b8e09ff8f9d8a93c7b4f2194f
d4796dd8f630275646a5bf2a0a4109cc8148ad1b
ee4af53ca616a8fe4489aaa5e20fb4b956fa0df3b99df8105ea06e3462b1bd26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/firefox.css HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75231:3406601"
Last-Modified: Tue, 19 Dec 2006 07:27:46 GMT
Content-Encoding: gzip
Content-Type: text/css
Connection: close

87.245.16.139:8080/favicon.ico

87.245.16.139

404 The page cannot be found

1.3 kB

URL GET HTTP/1.0
87.245.16.139:8080/favicon.ico
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
HTML document, ASCII text, with very long lines (1297), with no line terminators
Size
1.3 kB (1265 bytes)
Hash
49e9d21085ca7386352c6b49ec5771ab
e3b186ff025359bdfa7eb2cd8aeb018d8314d064
071d3c9c848e876074b4119db80f082040123be38687f3e059154f7f7f06f226

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 404 The page cannot be found
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
Content-Length: 422
Content-Type: text/html
Connection: close

87.245.16.139:8080/images/help.png

87.245.16.139

200 OK

2.1 kB

URL GET HTTP/1.0
87.245.16.139:8080/images/help.png
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
2.1 kB (2103 bytes)
Hash
35885cc7ec0f17d655874d95a01d19eb
9b401dc5d6b6565e3b23d8333606ccd5aff95c42
f17478096920fbf6c6cb6dbf2bf62fe901e481a4e67ea066359f4773f1ecc519

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/help.png HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75221:4694601"
Last-Modified: Sat, 09 Dec 2006 11:02:26 GMT
Content-Type: image/png
Connection: close

87.245.16.139:8080/images/chromebg.gif

87.245.16.139

200 OK

111 B

URL GET HTTP/1.0
87.245.16.139:8080/images/chromebg.gif
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
GIF image data, version 89a, 3 x 50
Size
111 B (111 bytes)
Hash
829fa527bc00837efeca31ad94c6958e
c3b5904d4a9ed7f4f119fe5b1c2ce40db3e0d813
1ec18e463f6cc3d48ce8c7bc10d6fab53f5bbcd742d50d37ce1c4c3b4ecdaaec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/chromebg.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/styles/all.css
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "74918:8526001"
Last-Modified: Thu, 09 Feb 2006 21:41:00 GMT
Content-Type: image/gif
Connection: close

87.245.16.139:8080/styles/all.css

87.245.16.139

200 OK

18 kB

URL GET HTTP/1.0
87.245.16.139:8080/styles/all.css
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
ASCII text, with CRLF line terminators
Size
18 kB (17646 bytes)
Hash
65ecdd522879f1a8191d5debd119fd8d
3a5dc72f5604eee5aefe24b0bf43f572f7c372a5
2a375b4a357fe315204ffb58aa4f05a7657bbfebac174d05877febb5f575a68c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/all.css HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75313:55201"
Last-Modified: Sat, 10 Mar 2007 22:09:12 GMT
Content-Type: text/css
Connection: close

87.245.16.139:8080/images/heading.png

87.245.16.139

200 OK

2.8 kB

URL GET HTTP/1.0
87.245.16.139:8080/images/heading.png
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
PNG image data, 50 x 58, 8-bit colormap, non-interlaced
Size
2.8 kB (2848 bytes)
Hash
5c2b6b94cb2406488ed499c3cb0690e6
27dceabc00fa7a51a70559169509cac2a4e03381
95c6484053398763b6523ea408d1e7d1be1932483d7d1b3684bf392edf69112f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/heading.png HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75187:7650801"
Last-Modified: Sun, 05 Nov 2006 19:15:08 GMT
Content-Type: image/png
Connection: close

87.245.16.139:8080/images/ab_flag.gif

87.245.16.139

200 OK

1.4 kB

URL GET HTTP/1.0
87.245.16.139:8080/images/ab_flag.gif
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
GIF image data, version 89a, 75 x 50
Size
1.4 kB (1406 bytes)
Hash
fcb9580b1904e847e95dda4628525513
c351ec77aef7639b62f0e13954b2a05dd2216e86
57bf781614150cf68bb8d1b343561e172ffc73275555d96ee0a5565fdd9d5aff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/ab_flag.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75248:8052001"
Last-Modified: Fri, 05 Jan 2007 20:22:00 GMT
Content-Type: image/gif
Connection: close

87.245.16.139:8080/images/chromedivider.gif

87.245.16.139

200 OK

79 B

URL GET HTTP/1.0
87.245.16.139:8080/images/chromedivider.gif
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
GIF image data, version 89a, 2 x 50
Size
79 B (79 bytes)
Hash
d7cf2e570fa65eeaf3c3d8fca89d3fa2
5c9074378ffe78b0a84e31c5eace6f0b61bf9462
30f9fe651e278db1b4bf2eb0664e9c17cba861bbe933a0bb50a872ae3c77b724

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/chromedivider.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/styles/all.css
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "74918:8526001"
Last-Modified: Thu, 09 Feb 2006 21:41:00 GMT
Content-Type: image/gif
Connection: close

87.245.16.139:8080/

87.245.16.139

200 OK

3.7 kB

URL User Request GET HTTP/1.0
87.245.16.139:8080/
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

File type
HTML document, ASCII text, with very long lines (4136), with no line terminators
Size
3.7 kB (3740 bytes)
Hash
fc378da5138f4e0d5629212eae693091
f0d2f85c9845a31aad54ed89dd279297e684b045
74761c547875930a896743ed4a23bfa12dd3a9d9345f77a438c2b2abbcb1f026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:09 GMT
Server: NetTalk-WebServer/4.17
Expires: Mon, 08 May 2023 06:09:09 GMT
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: SESSIONID=134701077
Connection: close

87.245.16.139:8080/scripts/all.js

87.245.16.139

200 OK

192 kB

URL GET HTTP/1.0
87.245.16.139:8080/scripts/all.js
IP
87.245.16.139:8080
ASN
#9145 EWE-Tel GmbH

Requested by
http://87.245.16.139:8080/

File type
JavaScript source, ASCII text, with very long lines (2054), with CRLF line terminators
Size
192 kB (191736 bytes)
Hash
50048d060d1e98e1814043bd5e7538f3
f719a2f4a4d7046e88eaf0dcd2ab8f9b6fdf3709
545b6c8934e24bc9a56a83c0ae19e7f699608ea6dff3baa94b7fcfc2ba21e432

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/all.js HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75241:5327601"
Last-Modified: Fri, 29 Dec 2006 12:47:56 GMT
Content-Type: application/x-javascript
Connection: close

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (10)

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP