Overview

URL: www.ghbnm.strangled.net/.kb/.xdtbmdnbjqsfbae/Y3JhaWcuaG9wZUBjZXJuZXIuY29t
IP: 185.157.77.47
ASN:
Location: Unknown
Report completed: 2019-04-23 18:47:12 CEST
urlquery Alerts: DynDNS domain detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: No alerts detected
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 185.157.77.47

Date | UQ / IDS / BL | URL | IP
2019-05-16 11:55:39 +0200 | 1 - 0 - 0 | orezws.bounceme.net/ | 185.157.77.47
2019-04-25 18:35:14 +0200 | 0 - 0 - 1 | hbghy.strangled.net/ | 185.157.77.47
2019-04-24 20:55:47 +0200 | 6 - 0 - 2 | hbghy.strangled.net/nc/.izoimessljhmknq/cGhpb (...) | 185.157.77.47
2019-04-23 18:05:22 +0200 | 6 - 0 - 1 | www.ghbnm.strangled.net/pu/.vgfpfnrfhqnuvsg/c (...) | 185.157.77.47

Last 10 reports on ASN:

Date | UQ / IDS / BL | URL | IP
2019-05-20 13:31:11 +0200 | 0 - 0 - 2 | naturezaelimpeza.com.br/regedit/config.bin | 50.116.87.103
2019-05-20 13:30:54 +0200 | 0 - 0 - 3 | electros.co.ua | 185.67.1.16
2019-05-20 13:30:49 +0200 | 0 - 2 - 1 | movementbeyond.net/dep/win32xmg01.exe | 67.195.197.75
2019-05-20 13:30:37 +0200 | 0 - 0 - 0 | https://www.chicagoyoi.com/forum/introduction (...) | 185.230.62.177
2019-05-20 13:30:36 +0200 | 0 - 1 - 0 | xingluren.cn/cmd.exe | 106.14.228.186
2019-05-20 13:30:18 +0200 | 0 - 0 - 0 | https://www.chicagoyoi.com/forum/introduction (...) | 185.230.62.177
2019-05-20 13:30:10 +0200 | 0 - 4 - 1 | 12020.url.tudown.com/down/DNF%E7%A7%81%E6%9C% (...) | 139.224.39.0
2019-05-20 13:30:09 +0200 | 0 - 4 - 1 | 15036.url.246546.com/down/%E6%88%98%E5%9C%B04 (...) | 114.55.188.114
2019-05-20 13:30:07 +0200 | 0 - 4 - 1 | 15287.url.9xiazaiqi.com/xiaz/Office2010@418_2 (...) | 139.224.39.0
2019-05-20 13:30:05 +0200 | 0 - 4 - 1 | 15034.url.246546.com/down/excel2003%E5%AE%98% (...) | 139.224.39.0

No other reports on domain: strangled.net



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (11)


Request:
GET /.kb/.xdtbmdnbjqsfbae/Y3JhaWcuaG9wZUBjZXJuZXIuY29t HTTP/1.1
Host: www.ghbnm.strangled.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:40 GMT
Content-Length: 2
Connection: keep-alive
Keep-Alive: timeout=60
refresh: 0;url=https://bhgtu.3utilities.com/nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4#n=update&request=1&activation=1
X-Cache: HIT from Backend


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2
Md5:    81051bcc2cf1bedf378224b0a93e2877
Sha1:   ba8ab5a0280b953aa97435ff8946cbcbb2755a27
Sha256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

Request:
GET /favicon.ico HTTP/1.1
Host: www.ghbnm.strangled.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.157.77.47:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:40 GMT
Content-Length: 209
Connection: keep-alive
Keep-Alive: timeout=60


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Request:
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

Response from 91.135.34.24:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "8F764B24A72454479273940074D2B05DBE120AFCF4ACEAF80F8F04F42AE65965"
Last-Modified: Tue, 23 Apr 2019 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43180
Expires: Wed, 24 Apr 2019 04:46:21 GMT
Date: Tue, 23 Apr 2019 16:46:41 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    acdff5826d7bc211a98206f1a528d304
Sha1:   2bd6506d321601c87e1e5e3933ea06358d625038
Sha256: 8f764b24a72454479273940074d2b05dbe120afcf4aceaf80f8f04f42ae65965

Request:
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.26:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Mon, 22 Apr 2019 22:35:19 GMT
Etag: "663219eaba88f97cd00700da697d554036e92214"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=13163
Expires: Tue, 23 Apr 2019 20:26:04 GMT
Date: Tue, 23 Apr 2019 16:46:41 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    237c73cd3829a603570b0460aa015e57
Sha1:   663219eaba88f97cd00700da697d554036e92214
Sha256: f07c8435e52553357513203937538f070529df505a9f892b803770b79ce1c5c9

Request:
GET /nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4 HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3453
Md5:    66ec79405755719ea09e6e0eab7e5572
Sha1:   ff0c67a5fc34139edefcb766f37663386f3868ee
Sha256: 1e698e976531101e7e6084299026d971e7fb4360c00535b96b9550b88f65aab4

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /nb/files/Converged1033.css HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bhgtu.3utilities.com/nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Last-Modified: Tue, 28 Aug 2018 16:07:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Etag: W/"5b857330-1564c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   16703
Md5:    ef43199cef06dbdc52e9922a47274957
Sha1:   5887d1a95700170371f037b3700592ae31885aa1
Sha256: fac169e62a0e8760575fad68ebb6da52336233823a14eb8d1d385b6d6540f46e

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /nb/files/favicon.ico HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Last-Modified: Sat, 23 Jun 2018 02:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Etag: W/"5b2dabf0-4316"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   540
Md5:    88f3860396e24fa5ecc3f8780d7ca4f1
Sha1:   e45423b2d081e93d66fd77af8c858c1ca7041439
Sha256: 25acd49f215569764f133dcb88139b5efe228fbb8c8b959b5459bb2eebf24bd5

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /nb/files/microsoft_logo.svg HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bhgtu.3utilities.com/nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Last-Modified: Sat, 23 Jun 2018 02:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Etag: W/"5b2dabf0-e43"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1435
Md5:    3f6fc8172c301b8a360c494172244130
Sha1:   ae972756ad83f3cbddc79addedf7b3ee4ce5263f
Sha256: 40737a9692e491398e4622c564bb53e842325ca1f046fb4d01cb707c12d0435d

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /nb/files/0-small.jpg HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bhgtu.3utilities.com/nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Last-Modified: Sat, 23 Jun 2018 02:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Etag: W/"5b2dabf0-405"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   823
Md5:    b2b2d8bbec76cac3c6147c462419becc
Sha1:   8824c1b0a57996b3296d272d534eb59a77b8756a
Sha256: f268f3805ac196a3466bd348e00126e0ee9d10dd83e19c6b942b99370a48e9be

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /nb/files/0.jpg HTTP/1.1
Host: bhgtu.3utilities.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bhgtu.3utilities.com/nb/?securessl=true&email=craig.hope@cerner.com&.rand=office365.aspx?n=account&fid=4

Response from 185.157.77.47:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:41 GMT
Last-Modified: Sat, 23 Jun 2018 02:09:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Etag: W/"5b2dabf0-48c79"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   294056
Md5:    8491b7e69132747362234cd013249efa
Sha1:   828da96dc28b90695b51e25385b30540c3639cc5
Sha256: b67f691040bf4ad210b0c53caf3a1b63f38be2d18d4c5e77f151914f2a2678a1

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /favicon.ico HTTP/1.1
Host: www.ghbnm.strangled.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.157.77.47:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx/1.14.2
Date: Tue, 23 Apr 2019 16:46:43 GMT
Content-Length: 209
Connection: keep-alive
Keep-Alive: timeout=60


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642