Report - 196.30.227.163/

Report Overview

Submitted URL
196.30.227.163/
IP
196.30.227.163
ASN
#16637 MTN Business Solutions
Submitted
2024-04-24 06:28:41
Access
public
Website Title
Marriott Fund Research Tool
Final URL
196.30.227.163/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-23	543 B	16 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-24	428 B	1.2 kB	142.250.74.106
code.highcharts.com	11421	2009-10-27	2012-08-07	2024-04-21	410 B	132 kB	104.18.8.9
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-22	1.3 kB	165 kB	151.101.2.137
196.30.227.163	unknown	unknown	No data	No data	8.9 kB	112 kB	196.30.227.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed
2024-04-24	medium	196.30.227.163	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	196.30.227.163/	2.4 kB	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/ IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:48 Times Seen1 Hash 3728f761a0b06bf2fbd0ddfcc6c5f9a5 8f4b93324f970a05eb06770edd5f90605239e65a e3ce7df34197a46ea80a7c700c7c624970d6f42955cdafa11c74b66b2626882a Loading...

	196.30.227.163/WebResource.axd?d=TUY5t4Hpn30Dj-DGuR2PGGlUwjIUGsFlYGQlUkTWnWG_lCJZH9r7IIyFN5Ak3mhjVSKtBg-mb8T2yRDWPbFrnJZrCL0bX3zhNFQNaUfQZFU1&t=638431655907890137	23 kB	2023-03-07	2024-05-05
Pretty URL 196.30.227.163/WebResource.axd?d=TUY5t4Hpn30Dj-DGuR2PGGlUwjIUGsFlYGQlUkTWnWG_lCJZH9r7IIyFN5Ak3mhjVSKtBg-mb8T2yRDWPbFrnJZrCL0bX3zhNFQNaUfQZFU1&t=638431655907890137 IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:31 Last Seen2024-05-05 18:15:55 Times Seen42414 Hash 90ea7274f19755002360945d54c2a0d7 647b5d8bf7d119a2c97895363a07a0c6eb8cd284 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db Loading...

	196.30.227.163/	370 B	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/ IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:48 Times Seen1 Hash 7319f8c2b3f2bc53a27d7307dd0b4240 fd012170026d175b1a602fb79aa0d3152e20a8e5 a1b4ef016ed6313acd3a8f0e3af1322661250300411dc52678cb14a25dca6155 Loading...

	196.30.227.163/	142 B	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/ IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:48 Times Seen1 Hash 5fd9b52f535078f8cb457e0213f66cac 6d5e00aae502be41170ecb8e2de4e6701f870c01 c5da9836569f4777d2cadb4e75640050c483456428cc63618ed3d610e30615a3 Loading...

	196.30.227.163/	417 B	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/ IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:48 Times Seen1 Hash c2a03e903a90dc6589cb337fe6a6f985 65dcfcba7ccd9854f198a66d1e20682ff7f516bc 90305aaf4ead138584164c6ff64e21d4f0a2c3dc4f51611fe1ffd796eaa8d131 Loading...

	196.30.227.163/Controls/Shared/Navigation/NavigationMenu.js?v=0.11	14 kB	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/Controls/Shared/Navigation/NavigationMenu.js?v=0.11 IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:49 Times Seen2 Hash 37bd5677bdd52d7d6fdeb26d8ec17b5f b85eddfeff9c089d3ea93d106a7d014cb894fdc8 2ce27deef4c9aadcfb55352960e63aa764ae5b639d5807fb918be7b2f6422513 Loading...

	code.jquery.com/ui/1.12.1/jquery-ui.js	521 kB	2023-03-07	2024-05-05
Pretty URL code.jquery.com/ui/1.12.1/jquery-ui.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-05-05 18:51:42 Times Seen6043 Hash ab5284de5e3d221e53647fd348e5644b 75c20acdc6cbc6334fe2b918ab7afeec007f969e 4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d Loading...

	196.30.227.163/Controls/shared/js/cookies.js	1.3 kB	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/Controls/shared/js/cookies.js IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:49 Times Seen2 Hash d9b00b70431da4aeeaf61ef1d4d35624 ba9a9989620c4e145d0ec919d32413334b53d01d 501f836e115ecc2b12446567cd2dbe43d0db1c85c98dfa0604255fe66ca99541 Loading...

	196.30.227.163/	203 B	2023-03-07	2024-05-05
Pretty URL 196.30.227.163/ IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:09:12 Last Seen2024-05-05 18:15:53 Times Seen189 Hash ebdd92d2a64d7ad688a879906ef06820 fca25dd8d4fb8e8e4f2413e2cbe2ec0883b72227 e57ecdc6d9c1781fc176b4db1b24b7c5ab8d61f812e248299749a57ff75a0873 Loading...

	196.30.227.163/Controls/Shared/Navigation/FundSearch.js?v=0.07	8.3 kB	2024-04-24	2024-04-24
Pretty URL 196.30.227.163/Controls/Shared/Navigation/FundSearch.js?v=0.07 IP 196.30.227.163 ASN #16637 MTN Business Solutions Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-24 08:28:49 Times Seen2 Hash 8487e2e4cce607d2b33a727654b122c1 41a49d3050deef9ca49fc45b38eae201f2038782 8827dda5c5cce9454777ea507296fc625ead5d86e0c09fbd02d1837301b5bc83 Loading...

	code.jquery.com/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-06
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 01:58:20 Times Seen108812 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	code.highcharts.com/stock/highstock.js	380 kB	2024-04-24	2024-04-26
Pretty URL code.highcharts.com/stock/highstock.js IP 104.18.8.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 08:28:48 Last Seen2024-04-26 02:50:36 Times Seen5 Hash cfa080c5c44fdf96532e131cd74184f4 78247c64ffe89c1408517359a523e416ded52645 ab347e0b48b7b4a73f5fccf21ef2770f4f7a6fbcc5a0ceacf5017e9f373bea54 Loading...

HTTP Transactions (26)

URL IP Response Size

code.highcharts.com/stock/highstock.js

104.18.8.9

200 OK

132 kB

URL GET HTTP/2
code.highcharts.com/stock/highstock.js
IP
104.18.8.9:443
ASN
#13335 CLOUDFLARENET

Requested by
http://196.30.227.163/
Certificate
IssuerCloudflare, Inc.
Subjecthighcharts.com
Fingerprint4B:29:12:1B:43:1B:D7:5E:F0:0B:3B:12:5E:A7:8E:8B:C5:95:BC:79
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63317)
Size
132 kB (131786 bytes)
Hash
cfa080c5c44fdf96532e131cd74184f4
78247c64ffe89c1408517359a523e416ded52645
ab347e0b48b7b4a73f5fccf21ef2770f4f7a6fbcc5a0ceacf5017e9f373bea54

HTTP Headers

GET /stock/highstock.js HTTP/1.1
Host: code.highcharts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 06:28:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 131786
x-amz-id-2: bAd276l/zLVbNiwYtEpXEfbfDhk5KKuM71LY0DcApFbAvVUa/Bd9URYAmeG7RsNfIL0W4MIIAp4=
x-amz-request-id: YT09VDWRP6BBZ873
cache-control: public, max-age=2678400
content-encoding: gzip
expires: Sat, 25 May 2024 06:28:20 GMT
last-modified: Thu, 04 Apr 2024 13:12:25 GMT
etag: "043e08820d9109123fbf88b5b7d84a06"
cf-cache-status: HIT
age: 1703340
accept-ranges: bytes
vary: Accept-Encoding
set-cookie: _cfuvid=b36eeggZ7WdYoftqZAC4pN.nG5JQTyDuvupAVQLFGTk-1713940100060-0.0.1.1-604800000; path=/; domain=.highcharts.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8794085949fcb529-OSL
X-Firefox-Spdy: h2

code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css

151.101.2.137

200 OK

8.3 kB

URL GET HTTP/2
code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
http://196.30.227.163/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2363)
Size
8.3 kB (8323 bytes)
Hash
c4a88ec0cb998929a670c0c58d7dc526
03135a88e8dbc36020dd453d1e7407ce9a3a2cc2
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0

HTTP Headers

GET /ui/1.12.1/themes/base/jquery-ui.css HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-8c85"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 06:28:20 GMT
age: 19137903
x-served-by: cache-lga13627-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 42, 382248
x-timer: S1713940100.075784,VS0,VE0
vary: Accept-Encoding
content-length: 8323
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.min.js

151.101.2.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.3.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
http://196.30.227.163/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30288 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 06:28:20 GMT
age: 19139496
x-served-by: cache-lga13622-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 36, 827731
x-timer: S1713940100.094320,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2

code.jquery.com/ui/1.12.1/jquery-ui.js

151.101.2.137

200 OK

124 kB

URL GET HTTP/2
code.jquery.com/ui/1.12.1/jquery-ui.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
http://196.30.227.163/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1002)
Size
124 kB (124434 bytes)
Hash
ab5284de5e3d221e53647fd348e5644b
75c20acdc6cbc6334fe2b918ab7afeec007f969e
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d

HTTP Headers

GET /ui/1.12.1/jquery-ui.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-7f20a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 06:28:20 GMT
age: 19139497
x-served-by: cache-lga21932-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 322, 397193
x-timer: S1713940100.094828,VS0,VE0
vary: Accept-Encoding
content-length: 124434
X-Firefox-Spdy: h2

196.30.227.163/

196.30.227.163

200 OK

16 kB

URL User Request GET HTTP/1.1
196.30.227.163/
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10548), with CRLF line terminators
Size
16 kB (15689 bytes)
Hash
91541104d3c899f40c77af777f05ef3d
7d761dc1e4c4a0c090cbc285075d8380969e99d0
0991bad81aac07e055158810dc3cbf06fb5dc09af86d06d234e7539906e1ba55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: FDOVC=2024/04/24 08:28:16; expires=Wed, 24-Apr-2024 18:28:16 GMT; path=/
BrandingPage=/Default.aspx; expires=Thu, 25-Apr-2024 06:28:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:19 GMT
Content-Length: 15689

196.30.227.163/includes/css.v2/responsive_basic.css

196.30.227.163

200 OK

488 B

URL GET HTTP/1.1
196.30.227.163/includes/css.v2/responsive_basic.css
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
ASCII text, with CRLF line terminators
Size
488 B (488 bytes)
Hash
0914837eff759ae423e34e8ee8cd3c9a
b65896ed9b625d74d62876b0751b6e6809c59051
afff83b9246324a3c5997b56b9315b99a944964b239ce052488400aa8d4166a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /includes/css.v2/responsive_basic.css HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 12:21:33 GMT
Accept-Ranges: bytes
ETag: "78ed95d37b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 488

196.30.227.163/includes/css.v2/responsive_branding.css

196.30.227.163

200 OK

326 B

URL GET HTTP/1.1
196.30.227.163/includes/css.v2/responsive_branding.css
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
ASCII text, with CRLF line terminators
Size
326 B (326 bytes)
Hash
3ca502eeab20e2fb60bc0fa2900a9c72
d0c249f9d57008ef426299a61f26ce860e13b479
aa7c5955aef485080074c05ada5f155d9e603b0fdff960ffee85da33d306a663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /includes/css.v2/responsive_branding.css HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 12:21:34 GMT
Accept-Ranges: bytes
ETag: "bcd2b05d37b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 326

196.30.227.163/includes/css.v2/responsive_fundmenu.css

196.30.227.163

200 OK

342 B

URL GET HTTP/1.1
196.30.227.163/includes/css.v2/responsive_fundmenu.css
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
ASCII text, with CRLF line terminators
Size
342 B (342 bytes)
Hash
28370cc77c1def6675460b60466dfd5b
8e28deb4457a07fce0ab18709ba8edeadc3cd730
490a89d580d3d09a38a0d5b37af9f0a9892bc9d142c58078cef50be40d4eb6e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /includes/css.v2/responsive_fundmenu.css HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 12:21:34 GMT
Accept-Ranges: bytes
ETag: "048c65d37b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 342

196.30.227.163/Controls/Shared/Navigation/NavigationMenu.js?v=0.11

196.30.227.163

200 OK

2.7 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/NavigationMenu.js?v=0.11
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
2.7 kB (2696 bytes)
Hash
37bd5677bdd52d7d6fdeb26d8ec17b5f
b85eddfeff9c089d3ea93d106a7d014cb894fdc8
2ce27deef4c9aadcfb55352960e63aa764ae5b639d5807fb918be7b2f6422513

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/NavigationMenu.js?v=0.11 HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 11:49:46 GMT
Accept-Ranges: bytes
ETag: "0694fec32b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 2696

196.30.227.163/WebResource.axd?d=TUY5t4Hpn30Dj-DGuR2PGGlUwjIUGsFlYGQlUkTWnWG_lCJZH9r7IIyFN5Ak3mhjVSKtBg-mb8T2yRDWPbFrnJZrCL0bX3zhNFQNaUfQZFU1&t=638431655907890137

196.30.227.163

200 OK

6.0 kB

URL GET HTTP/1.1
196.30.227.163/WebResource.axd?d=TUY5t4Hpn30Dj-DGuR2PGGlUwjIUGsFlYGQlUkTWnWG_lCJZH9r7IIyFN5Ak3mhjVSKtBg-mb8T2yRDWPbFrnJZrCL0bX3zhNFQNaUfQZFU1&t=638431655907890137
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
6.0 kB (6007 bytes)
Hash
90ea7274f19755002360945d54c2a0d7
647b5d8bf7d119a2c97895363a07a0c6eb8cd284
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WebResource.axd?d=TUY5t4Hpn30Dj-DGuR2PGGlUwjIUGsFlYGQlUkTWnWG_lCJZH9r7IIyFN5Ak3mhjVSKtBg-mb8T2yRDWPbFrnJZrCL0bX3zhNFQNaUfQZFU1&t=638431655907890137 HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Content-Encoding: gzip
Expires: Thu, 24 Apr 2025 06:28:16 GMT
Last-Modified: Sat, 10 Feb 2024 10:39:50 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 6007

196.30.227.163/Controls/shared/js/cookies.js

196.30.227.163

200 OK

602 B

URL GET HTTP/1.1
196.30.227.163/Controls/shared/js/cookies.js
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
ASCII text, with CRLF line terminators
Size
602 B (602 bytes)
Hash
d9b00b70431da4aeeaf61ef1d4d35624
ba9a9989620c4e145d0ec919d32413334b53d01d
501f836e115ecc2b12446567cd2dbe43d0db1c85c98dfa0604255fe66ca99541

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/shared/js/cookies.js HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 11:49:33 GMT
Accept-Ranges: bytes
ETag: "44fb12e532b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 602

196.30.227.163/includes/css.v2/fdov2.css?v=2.1

196.30.227.163

200 OK

5.2 kB

URL GET HTTP/1.1
196.30.227.163/includes/css.v2/fdov2.css?v=2.1
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
5.2 kB (5156 bytes)
Hash
f4c10e755819a78c6c012d055ec00c24
ef0ccfbd80f2554ddeb19ddf62d6f683c479c105
fd530d609e32fe7d78c482ac77eadba8f83047366bd1c6e749415f48f87c8f4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /includes/css.v2/fdov2.css?v=2.1 HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 11:15:03 GMT
Accept-Ranges: bytes
ETag: "80d5b278fa99d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 5156

196.30.227.163/images/pdtiny.gif

196.30.227.163

200 OK

415 B

URL GET HTTP/1.1
196.30.227.163/images/pdtiny.gif
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
GIF image data, version 89a, 28 x 30
Size
415 B (415 bytes)
Hash
02851d75ec5fb6959ed519d9da1c99c1
22883229b1239330b08d45cd3635f6577c2b6133
25f7bc5c1fafe962d048b3687b6cc24fc38bd43f29f043d6a991e0bf80a3cc32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/pdtiny.gif HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 06 Nov 2020 12:19:24 GMT
Accept-Ranges: bytes
ETag: "baec891037b4d61:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 415

fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://196.30.227.163/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
Size
15 kB (14940 bytes)
Hash
a46fb7aae99225fdfd9d64b2b8b1063f
1ee50bf5985c1956dde1c06d9b1cec4645ddb92b
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

HTTP Headers

GET /s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://196.30.227.163
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 21:46:06 GMT
expires: Tue, 22 Apr 2025 21:46:06 GMT
cache-control: public, max-age=31536000
age: 117734
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

196.30.227.163/images/Twitter_button.png

196.30.227.163

200 OK

2.5 kB

URL GET HTTP/1.1
196.30.227.163/images/Twitter_button.png
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
PNG image data, 30 x 30, 8-bit/color RGBA, interlaced
Size
2.5 kB (2499 bytes)
Hash
ee26ae0e6dd0da9250dc1a14fffe15a6
fcdf3abf3667bceee6f6ed419d8b76e06220254d
8f20b87d848ae8b66dd8863024db7a4f269cce94fc87f2421fd6b1115d20a51b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/Twitter_button.png HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 06 Nov 2020 12:19:39 GMT
Accept-Ranges: bytes
ETag: "a054271937b4d61:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 2499

196.30.227.163/images/spinner.gif

196.30.227.163

200 OK

4.2 kB

URL GET HTTP/1.1
196.30.227.163/images/spinner.gif
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
GIF image data, version 89a, 32 x 32
Size
4.2 kB (4178 bytes)
Hash
20295fd727fbc02635f3d8c947e54556
de01015db36a6330d4e0854a69555a5e3f3556c7
93c99b1a62bdef426c6029d8eeaa796af079bd0b67c7bd67fda444e8afb6f562

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/spinner.gif HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 06 Nov 2020 12:19:36 GMT
Accept-Ranges: bytes
ETag: "b4f15f1737b4d61:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 4178

196.30.227.163/images/MarriottLogo.png

196.30.227.163

200 OK

21 kB

URL GET HTTP/1.1
196.30.227.163/images/MarriottLogo.png
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
PNG image data, 249 x 95, 8-bit/color RGB, non-interlaced
Size
21 kB (20798 bytes)
Hash
8f965ff1d948bb2d45a93654a530e170
a98e7e7d806ad876187f2596b1f5a17a6fd37df2
7ac4cb1d9235feaa15ffd3e806ac682b0073d167a4216f7ec689c0a9332d0250

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/MarriottLogo.png HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 30 Sep 2022 11:13:54 GMT
Accept-Ranges: bytes
ETag: "05e3b9bdd4d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 20798

196.30.227.163/Controls/Shared/Navigation/FundSearch.js?v=0.07

196.30.227.163

200 OK

2.0 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/FundSearch.js?v=0.07
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
HTML document, ASCII text, with CRLF line terminators
Size
2.0 kB (1995 bytes)
Hash
8487e2e4cce607d2b33a727654b122c1
41a49d3050deef9ca49fc45b38eae201f2038782
8827dda5c5cce9454777ea507296fc625ead5d86e0c09fbd02d1837301b5bc83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/FundSearch.js?v=0.07 HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 06 Nov 2020 11:49:45 GMT
Accept-Ranges: bytes
ETag: "80d2b6eb32b4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:20 GMT
Content-Length: 1995

196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=benchmarkindex

196.30.227.163

200 OK

1.4 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=benchmarkindex
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JSON text data
Size
1.4 kB (1394 bytes)
Hash
bc4a12496a1c00cb926fdd30c6be82cb
f38fb146aff4732a0c44f3a697fc0db5e7ff2bcc
fa96bb85ab9a867ee566d385857e96dd2294d89c0d41b2e262581b16f3cff720

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=benchmarkindex HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:21 GMT
Content-Length: 1394

196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=sectorindex

196.30.227.163

200 OK

2.6 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=sectorindex
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JSON text data
Size
2.6 kB (2568 bytes)
Hash
d2691b502c00c55e144a0c8d2ad011a8
bb0ea12f7a066e64826baff699e821c23c86e0a5
e9b79067a468a3a4dc4d5e7c380ee12095208e6976521d4b6c82bdc10c251ade

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=sectorindex HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:21 GMT
Content-Length: 2568

fonts.googleapis.com/css?family=Montserrat

142.250.74.106

200 OK

531 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Montserrat
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://196.30.227.163/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text
Size
531 B (531 bytes)
Hash
041a47896c77c2040dc1fd157d7d9946
6ed6b6b2f5a21e0bd9a061f3db267689c953a029
11f0f33f9711ca7551b10cdff821a5c9b8ab7d74055c1d84adf61708991774a4

HTTP Headers

GET /css?family=Montserrat HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 06:28:20 GMT
date: Wed, 24 Apr 2024 06:28:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

196.30.227.163/favicon.ico

196.30.227.163

404 Not Found

1.2 kB

URL GET HTTP/1.1
196.30.227.163/favicon.ico
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:21 GMT
Content-Length: 1245

196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=mancoindex

196.30.227.163

200 OK

4.2 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=mancoindex
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JSON text data
Size
4.2 kB (4214 bytes)
Hash
aae6de516c73cf45613ec302ec0146ef
d8866981715b98c021f96343e3ea6ed6a1a1a07f
49ce31e09c413a5df871207cb4648d8f425c8613ca1253b1340c34f1e90efef4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=mancoindex HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:21 GMT
Content-Length: 4214

196.30.227.163/Controls/Shared/Navigation/QuickFundSearchJSONdata.aspx?i=funds

196.30.227.163

200 OK

36 kB

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/Navigation/QuickFundSearchJSONdata.aspx?i=funds
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type
JSON text data
Size
36 kB (36309 bytes)
Hash
47e3dfc0176bb1c04dc839df395fa3ec
8a54a905392956d757624f1fcefd8ae83655fed1
0bc9af855fcd7dbf26efb6bce61861751aef0d485c7a09750635be231b5bcffa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/QuickFundSearchJSONdata.aspx?i=funds HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:33 GMT
Content-Length: 36309

196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=fundindex

0.0.0.0

0 B

URL GET
196.30.227.163/Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=fundindex
IP
0.0.0.0:0
ASN
#0

Requested by
http://196.30.227.163/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/Navigation/NavigationMenuJSONdata.aspx?i=fundindex HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

196.30.227.163/Controls/Shared/WebLogs/WebLogsJSONdata.aspx?URL=

196.30.227.163

200 OK

0 B

URL GET HTTP/1.1
196.30.227.163/Controls/Shared/WebLogs/WebLogsJSONdata.aspx?URL=
IP
196.30.227.163:80
ASN
#16637 MTN Business Solutions

Requested by
http://196.30.227.163/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Controls/Shared/WebLogs/WebLogsJSONdata.aspx?URL= HTTP/1.1
Host: 196.30.227.163
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://196.30.227.163/
Cookie: FDOVC=2024/04/24 08:28:16; BrandingPage=/Default.aspx
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Expires: -1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Apr 2024 06:28:21 GMT
Content-Length: 0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML