Overview

URL: lofting.ru/fleshesq.html
IP: 195.208.1.107
ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'
Location: Russian Federation
Report completed: 2019-02-11 05:59:03 CET
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-02-11 2 goodlines-4burnfat.world/all/asca/cpc?bhu=CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.208.1.107

Date | UQ / IDS / BL | URL | IP
2019-06-10 19:53:04 +0200 | 0 - 0 - 1 | v2.amtrade-eng.ru/sources/primary/cont/onstep (...) | 195.208.1.107
2019-06-10 19:15:03 +0200 | 0 - 0 - 1 | socio-research.ru/new/s-mg5.mail.yahoo.com.htm | 195.208.1.107
2019-06-10 18:36:57 +0200 | 0 - 0 - 11 | www.elon-surprise.space/ | 195.208.1.107
2019-06-10 18:24:01 +0200 | 0 - 0 - 7 | www.elon-surprise.space/b/ | 195.208.1.107
2019-06-10 12:59:21 +0200 | 0 - 0 - 4 | compitrade.ru/v5ihaq00 | 195.208.1.107
2019-06-09 17:56:58 +0200 | 1 - 2 - 3 | zheschool3.ru/logs/admintrator/grantaccess | 195.208.1.107
2019-06-09 11:40:08 +0200 | 0 - 0 - 7 | kimtec.net/7a3ba897f11ee31ea52758ceb4a28181/s (...) | 195.208.1.107
2019-06-09 11:37:23 +0200 | 0 - 0 - 7 | kimtec.net/7f9056d4d4fd2fd530a4490170c4eb67/s (...) | 195.208.1.107
2019-06-09 11:37:21 +0200 | 0 - 0 - 7 | kimtec.net/450a26e26ce0e681ce138ec65381a7b3/s (...) | 195.208.1.107
2019-06-09 11:37:13 +0200 | 0 - 0 - 7 | kimtec.net/10db41d96e9ce103b14245f0939a3dbd/s (...) | 195.208.1.107

Last 10 reports on ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'

Date | UQ / IDS / BL | URL | IP
2019-06-19 00:47:13 +0200 | 0 - 0 - 0 | rmansys.ru | 194.85.95.48
2019-06-18 20:19:37 +0200 | 0 - 0 - 0 | leto-lm.ru | 195.208.1.105
2019-06-17 09:02:09 +0200 | 0 - 0 - 0 | izplastika.ru/vzfpqeic/development.html | 195.208.1.105
2019-06-15 16:53:42 +0200 | 0 - 0 - 10 | www.teslateam.online | 195.208.1.105
2019-06-11 00:14:58 +0200 | 0 - 6 - 0 | ist.spb.su/ | 195.208.1.132
2019-06-10 22:28:48 +0200 | 0 - 1 - 0 | iftp.ru/ | 195.208.1.119
2019-06-10 20:31:36 +0200 | 0 - 0 - 1 | millenniumplaza.ru/vdu1mdv0enhmodgyoxv4 | 195.208.1.105
2019-06-10 20:22:11 +0200 | 0 - 0 - 1 | npobastion.ru/catalog/istochniki-pitaniya-dly (...) | 195.208.1.167
2019-06-10 19:53:04 +0200 | 0 - 0 - 1 | v2.amtrade-eng.ru/sources/primary/cont/onstep (...) | 195.208.1.107
2019-06-10 19:37:41 +0200 | 0 - 0 - 1 | ostmedic.ru/netflix-web-serveraccounts-www | 195.208.1.105

No other reports on domain: lofting.ru



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (11)


Request Response
Request:
GET /fleshesq.html HTTP/1.1
Host: lofting.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 195.208.1.107:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2
Date: Mon, 11 Feb 2019 04:58:30 GMT
Content-Length: 1555
Connection: keep-alive
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text
Size:   1555
Md5:    445877dc2776ded2361cfc33adc48a97
Sha1:   88887f8977df7518384cd4034473d242fbc790aa
Sha256: 7028348a8f367b0a04485570ba0f5d3de2cf4a1a8470ae483be26e5dca588670
Request:
GET /favicon.ico HTTP/1.1
Host: lofting.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 195.208.1.107:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2
Date: Mon, 11 Feb 2019 04:58:30 GMT
Content-Length: 1516
Connection: keep-alive
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1516
Md5:    1a5a0e23ba2b8bd1cd498c5a5494a1d0
Sha1:   6df6521685abb09897e2398940e85836120aa887
Sha256: a82278768fc6f4ec5c4ebd68954b58d0368a5139af472343dc08d2bf5b56aa9c
Request:
GET /?a=401336&c=cpcdiet&s=140119 HTTP/1.1
Host: goodlines-4burnfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lofting.ru/fleshesq.html

Response from 209.141.51.152:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.14.2
Date: Mon, 11 Feb 2019 04:58:32 GMT
Content-Length: 185
Connection: keep-alive
Location: https://goodlines-4burnfat.world/?a=401336&c=cpcdiet&s=140119


--- Additional Info ---
Magic:  HTML document text
Size:   185
Md5:    4c555068310076e85908835c721911f5
Sha1:   9ec990aabb4391e139034f68e5e657e0f1d0b74d
Sha256: 568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
Request:
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

Response from 91.135.34.131:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "6EDAEDBFB65F83A89FF4431419B0B32CE781E21B6C0586B3B228D0298DD4D7A7"
Last-Modified: Sun, 10 Feb 2019 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=33861
Expires: Mon, 11 Feb 2019 14:22:53 GMT
Date: Mon, 11 Feb 2019 04:58:32 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    cef3c4d73655a4967486e07a281a503f
Sha1:   570a71618cdfeaf25497280d628b812d80662439
Sha256: 6edaedbfb65f83a89ff4431419b0b32ce781e21b6c0586b3b228d0298dd4d7a7
Request:
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.121:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Thu, 07 Feb 2019 23:55:28 GMT
Etag: "51ffedd62653676c120a8c4d143b0fbf59c8409b"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=25413
Expires: Mon, 11 Feb 2019 12:02:05 GMT
Date: Mon, 11 Feb 2019 04:58:32 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    745f16ad26febf7092c2ff8f53a4327b
Sha1:   51ffedd62653676c120a8c4d143b0fbf59c8409b
Sha256: b9b9e714c2ced9f51a984f64ca55297e130fe38353ad449207659377d6cbe837
Request:
GET /?a=401336&c=cpcdiet&s=140119 HTTP/1.1
Host: goodlines-4burnfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lofting.ru/fleshesq.html

Response from 209.141.51.152:
HTTP/1.1 303 See Other
Server: nginx/1.14.2
Date: Mon, 11 Feb 2019 04:58:33 GMT
Content-Length: 0
Connection: keep-alive
Location: https://goodlines-4burnfat.world/all/asca/cpc?bhu=CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp
Set-Cookie: UUID=U1777-90-1934-401336-537439; expires=Tue, 12 Feb 2019 04:58:33 GMT; path=/ _data=HeFSMLLhbq9Ww5s8My7HzjQ9gxpyM8DfBE8aY
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload


--- Additional Info ---
Request:
GET /all/asca/cpc?bhu=CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp HTTP/1.1
Host: goodlines-4burnfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lofting.ru/fleshesq.html
Cookie: UUID=U1777-90-1934-401336-537439; _data=HeFSMLLhbq9Ww5s8My7HzjQ9gxpyM8DfBE8aY

Response from 209.141.51.152:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.14.2
Date: Mon, 11 Feb 2019 04:58:33 GMT
Content-Length: 298
Connection: keep-alive
X-Powered-By: ARR/2.5(db7954aec)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text
Size:   298
Md5:    ebaa56e6464d67f3b54a941ded6f8f10
Sha1:   2e56e7eb09b9b169bf2497df347921b4b3be3124
Sha256: 96cfe894dfb7bc457bf57e645c0141643970a8a5089eb68d15569b243544b2ad

Alerts:
  Blacklists:
    - fortinet: Phishing
Request:
GET /assets/CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp/theme_plcqiy.css?CID=411298&ADID=2129826 HTTP/1.1
Host: goodlines-4burnfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://goodlines-4burnfat.world/all/asca/cpc?bhu=CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp
Cookie: UUID=U1777-90-1934-401336-537439; _data=HeFSMLLhbq9Ww5s8My7HzjQ9gxpyM8DfBE8aY

Response from 209.141.51.152:
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.14.2
Date: Mon, 11 Feb 2019 04:58:33 GMT
Content-Length: 21
Connection: keep-alive
Set-Cookie: _view=true; expires=Tue, 12 Feb 2019 04:58:33 GMT; path=/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   21
Md5:    18344450471966e26d48e47bf2171ee3
Sha1:   aac149a94aa35965e088a6a63c428d6056275ab2
Sha256: 4e0f2cb203e4cbd5c7433d348c079f8e08f305de9b8fc88ae19ff4c57974962f
Request:
GET /favicon.ico HTTP/1.1
Host: goodlines-4burnfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: UUID=U1777-90-1934-401336-537439; _data=HeFSMLLhbq9Ww5s8My7HzjQ9gxpyM8DfBE8aY; _view=true

Response from 209.141.51.152:
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx/1.14.2
Date: Mon, 11 Feb 2019 04:58:33 GMT
Content-Length: 790
Connection: keep-alive
Last-Modified: Tue, 29 Jan 2019 16:00:52 GMT
Etag: "5c5078b4-316"
Expires: Mon, 18 Feb 2019 04:58:33 GMT
Cache-Control: max-age=604800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   790
Md5:    2aa1fc87608f47af9fbe7a28537d83a6
Sha1:   126b18b5ab5a1df8fdfd5435c91d93c314d770b3
Sha256: 3ffde8a57281c9b5377702644247b38bed27dcd0e97b6307c6514add01233a28
Request:
GET /favicon.ico HTTP/1.1
Host: lofting.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 195.208.1.107:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2
Date: Mon, 11 Feb 2019 04:58:33 GMT
Content-Length: 1516
Connection: keep-alive
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1516
Md5:    1a5a0e23ba2b8bd1cd498c5a5494a1d0
Sha1:   6df6521685abb09897e2398940e85836120aa887
Sha256: a82278768fc6f4ec5c4ebd68954b58d0368a5139af472343dc08d2bf5b56aa9c
Request:
GET / HTTP/1.1
Host: hotorganicoutlet.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://goodlines-4burnfat.world/all/asca/cpc?bhu=CWpZQAAgAKdEduQAcDUVLcZKKscoD9dZxifJp

Response from 0.0.0.0:


--- Additional Info ---