| | 136.228.239.100 | 200 OK | 11 kB |
URL User Request GET HTTP/1.1IP136.228.239.100:80
File typeHTML document, ASCII text, with very long lines (688) Hash83c6ce0c113fb64df960aacad376b5d9 fb3e087a43b61601e8879094030198bf79e5faa3 1c60cdc647df4832232d20e34e0e7acea54efb7d800f8b4f7304b218254bdc22
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 136.228.239.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 14:18:02 GMT
Server: iboss cloud
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
X-Frame-Options: DENY
Last-Modified: Tue, 23 Apr 2024 21:25:36 GMT
Accept-Ranges: bytes
Content-Length: 10690
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| checkip.dyndns.org/ | 193.122.130.0 | 200 OK | 104 B |
IP193.122.130.0:80 ASN#31898 ORACLE-BMC-31898
File typeHTML document, ASCII text, with CRLF line terminators Hash22ed9d4af1dab21dbf0ef3b639ccbd37 b201c7c5b7df4c0272b466e8ef1ecd45e016a01d 6efec0223e40e1febea87abe06a6d84df736129eb841044d00e1cd8c5794c053
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain |
NIDS | Severity | Alert | suricata | medium | ET POLICY External IP Lookup - checkip.dyndns.org | suricata | medium | ET POLICY External IP Lookup - checkip.dyndns.org |
GET / HTTP/1.1
Host: checkip.dyndns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://136.228.239.100/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 14:18:02 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
|
|
| 136.228.239.100/1226/1226-block_page-mainContent.png | 136.228.239.100 | 200 OK | 6.9 kB |
URL GET HTTP/1.1136.228.239.100/1226/1226-block_page-mainContent.png IP136.228.239.100:80
File typePNG image data, 300 x 253, 8-bit/color RGBA, non-interlaced Hashc147dd440945ce06665a51397f66b1f7 e1b3662da555e8594e983a1221a1ed4bc67611ee 2d74a75042aa9fa29e2b064bc923583cea0106353f6f38bbc117b58815f94f6e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1226/1226-block_page-mainContent.png HTTP/1.1
Host: 136.228.239.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://136.228.239.100/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 14:18:03 GMT
Server: iboss cloud
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
X-Frame-Options: DENY
Last-Modified: Tue, 23 Apr 2024 21:25:36 GMT
Accept-Ranges: bytes
Content-Length: 6946
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| 136.228.239.100/ibreports/images/securedbyiboss.jpg | 136.228.239.100 | 200 200 | 15 kB |
URL GET HTTP/1.1136.228.239.100/ibreports/images/securedbyiboss.jpg IP136.228.239.100:80
File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=15, height=19, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=133], progressive, precision 8, 133x19, components 3 Hash1d1a59dd3241adbda7982feab36b8d14 f167a257aa41ff779ccbc1a0ce13a3b93b59b256 8c98db1e03a074e06b3b888b170523bba4777bea93e135b12cbf9bd11fc777c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ibreports/images/securedbyiboss.jpg HTTP/1.1
Host: 136.228.239.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://136.228.239.100/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 200
Date: Fri, 10 May 2024 14:18:02 GMT
Server: iboss cloud
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
Accept-Ranges: bytes
ETag: W/"14889-1592373688000"
Last-Modified: Wed, 17 Jun 2020 06:01:28 GMT
Content-Length: 14889
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
|
|
| 136.228.239.100/favicon.ico | 136.228.239.100 | 404 Not Found | 209 B |
URL GET HTTP/1.1136.228.239.100/favicon.ico IP136.228.239.100:80
File typeHTML document, ASCII text Hash18ffb59b61525f781cf9251045be575d bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 136.228.239.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://136.228.239.100/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 14:18:03 GMT
Server: iboss cloud
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
X-Frame-Options: DENY
Content-Length: 209
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| 136.228.239.100/1226/1226-block_page-logo.jpg | 136.228.239.100 | 200 OK | 73 kB |
URL GET HTTP/1.1136.228.239.100/1226/1226-block_page-logo.jpg IP136.228.239.100:80
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 229x217, components 3 Hashab7982c262b2040181f335d76f6a56e8 7ec1a4d41ae65bd088ee632f1493bd8b1416f6d3 ee51d7e775406e3dace446938440736510c128393b3c1391076b3a8422d25766
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1226/1226-block_page-logo.jpg HTTP/1.1
Host: 136.228.239.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://136.228.239.100/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 14:18:02 GMT
Server: iboss cloud
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
X-Frame-Options: DENY
Last-Modified: Tue, 23 Apr 2024 21:25:36 GMT
Accept-Ranges: bytes
Content-Length: 73348
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
|
|