Report - 200.124.164.6:81/

Report Overview

Submitted URL
200.124.164.6:81/
IP
200.124.164.6
ASN
#270277 Nexus Telecom
Submitted
2024-05-08 02:37:13
Access
public
Website Title
JSNET
Final URL
200.124.164.6:81/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
50

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
200.124.164.6:81	unknown	unknown	No data	No data	8.8 kB	231 kB	200.124.164.6
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	791 B	2.9 kB	142.250.74.164
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-07	406 B	6.6 kB	142.250.74.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed
2024-05-08	medium	200.124.164.6	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	www.google.com/cse/brand?form=cse-search-box&lang=pt	14 kB	2023-03-07	2024-05-19
Pretty URL www.google.com/cse/brand?form=cse-search-box&lang=pt IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:13 Last Seen2024-05-19 15:35:17 Times Seen3692 Hash 5fd232d76f845e55064ad5069abfc141 afaa74984a2c8eb086ff2d22e0ad2abfce7d272e 6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69 Loading...

	200.124.164.6:81/	553 B	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/ IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen217 Hash 8765fc442be3d8c2c1b8d66056464306 176356e5d0dca7092be7210831e9cd2be0bd5b9a b8d13fa894ccd4d39ff1fd0f36dafdc2b213fc5e5ba1127d794178062befebd7 Loading...

	200.124.164.6:81/scripts/AC_RunActiveContent.js	3.4 kB	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/scripts/AC_RunActiveContent.js IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen262 Hash ae56d02f42b582e11647155fef36ceda 0042f7798243c5258a68fdec9c311690275c4711 2eb0464eb6c8bdd06125cc5f1de7b6f7ed17d3c06a7634b49e99f3d58811ad10 Loading...

	200.124.164.6:81/scripts/hotsite.js	5.9 kB	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/scripts/hotsite.js IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen243 Hash 2f15115c160bf0a30d13807ba662a4da 7e982357d323ffbf3dc02eedb8b51c3a9abb0bf3 e5ee3ba85c518390e8eef447ea9f3b44716bff2e24eb7f83ca32a657a32de693 Loading...

	200.124.164.6:81/scripts/jquery.js	268 kB	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/scripts/jquery.js IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen485 Hash a5b2a13f2dc62522d7e3da1a3d50c58d d1235df56e172138685a2ac897057b39d412153b 260672b0e926ecd5eec148180ee6a15b8492a7c5b5249be802ddf6891c2aa049 Loading...

	200.124.164.6:81/scripts/jgrowl.js	9.1 kB	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/scripts/jgrowl.js IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen479 Hash e0f99b1dbd0ab827bc5c2a74cffcd09d 1c78af27e9c8b5f04d53d78ebc4fb20f8da24dc2 89c550168397d4ece3983d5ef5f8a70cf0feb0cab86ba263b099eb4c32e2b2cf Loading...

	200.124.164.6:81/	173 B	2023-03-29	2024-05-08
Pretty URL 200.124.164.6:81/ IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 23:16:54 Last Seen2024-05-08 04:37:20 Times Seen10 Hash 1cab718e93d25a79ed46a5a00b76aa56 d9d7c4c52931347cfd84485a19bf9ca36fa8b22d 09b6afbd4c2d0b94d377c7710f09b4d576631d833d60ce11d3e71a54b5e49979 Loading...

	200.124.164.6:81/	296 B	2023-03-07	2024-05-08
Pretty URL 200.124.164.6:81/ IP 200.124.164.6 ASN #270277 Nexus Telecom Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen84 Hash 3058de829cbbb44217553f8fa350d65d 6589047a89c6976b04714737cba86235b77e1ff9 112cc1bda17df1ebdedca4ac99801ad68e718d008d81bf93fd00d06837547122 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9f0ef362cfed5317f60c198325bac20d	382 B	2023-03-29	2024-05-08
Pretty Observations First Seen2023-03-29 23:16:54 Last Seen2024-05-08 04:37:20 Times Seen10 Hash 9f0ef362cfed5317f60c198325bac20d 523a3c61da000d7c4988ab04979253eb2d4c80f0 17f46dd3d2a8e9a37227b5f90a33397af3a321cccdb67f8111770ed5bda2b16a Loading...

	#2 Write - 6a508f21d86d5ea683eb1e48852d9937	465 B	2023-03-07	2024-05-08
Pretty Observations First Seen2023-03-07 12:12:36 Last Seen2024-05-08 04:37:20 Times Seen84 Hash 6a508f21d86d5ea683eb1e48852d9937 8a32108915c177a0a8266037791ee7db0ff56127 be957e5ba1fbbfb2581e3639ed2d97ad6a5706019f8e6bf29a0efcd49f86952c Loading...

HTTP Transactions (28)

URL IP Response Size

200.124.164.6:81/

200.124.164.6

200 OK

3.4 kB

URL User Request GET HTTP/1.1
200.124.164.6:81/
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

File type
HTML document, ISO-8859 text, with very long lines (389), with CRLF line terminators
Size
3.4 kB (3445 bytes)
Hash
1281de0750345b17c4bb54c64f691148
bf5e6ed9271180a61aff67b60fc610ed37ada76c
250d6f5d9489d9b7c18703cdfacb728ddbe367c525c16094a04976ee5c4f315c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/5.3.16
Vary: Accept-Encoding
Content-Encoding: gzip
MKAUTH: FILES
Content-Length: 3445
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

www.google.com/cse/brand?form=cse-search-box&lang=pt

142.250.74.164

301 Moved Permanently

237 B

URL GET HTTP/1.1
www.google.com/cse/brand?form=cse-search-box&lang=pt
IP
142.250.74.164:80
ASN
#15169 GOOGLE

Requested by
http://200.124.164.6:81/

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
237 B (237 bytes)
Hash
bda0dec939809d66ff8388fe5c716412
d768e1edcca0d64e15c1a26978d19c8fdfbd4e4f
334f05a39cdb64bac9f876dd2a2011649d08d578f6d751460c91ca294f3304cd

HTTP Headers

GET /cse/brand?form=cse-search-box&lang=pt HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Location: https://www.gstatic.com/prose/brandjs.js
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 08 May 2024 02:36:48 GMT
Expires: Wed, 08 May 2024 03:06:48 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 237
X-XSS-Protection: 0

200.124.164.6:81/estilos/estilo.css

200.124.164.6

200 OK

1.0 kB

URL GET HTTP/1.1
200.124.164.6:81/estilos/estilo.css
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
ISO-8859 text, with CRLF line terminators
Size
1.0 kB (1008 bytes)
Hash
cda9054718e7e024b9a4fa28206b86ea
2dd7d694ce8b273873de1f49d55a156f2e804ade
da3c0e1fcd07f5339006d606c8c5263565ed9f4c50af9dc6c10afc8d8e4a2d34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /estilos/estilo.css HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 08 Aug 2016 15:12:06 GMT
ETag: "1391-53990d6d65d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Content-Length: 1008
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.gstatic.com/prose/brandjs.js

142.250.74.99

200 OK

5.8 kB

URL GET HTTP/2
www.gstatic.com/prose/brandjs.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
http://200.124.164.6:81/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (1352)
Size
5.8 kB (5807 bytes)
Hash
5fd232d76f845e55064ad5069abfc141
afaa74984a2c8eb086ff2d22e0ad2abfce7d272e
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

HTTP Headers

GET /prose/brandjs.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://200.124.164.6:81/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 5807
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 06:17:22 GMT
expires: Wed, 08 May 2024 06:17:22 GMT
cache-control: public, max-age=86400
age: 73166
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

200.124.164.6:81/estilos/jgrowl.css

200.124.164.6

200 OK

636 B

URL GET HTTP/1.1
200.124.164.6:81/estilos/jgrowl.css
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
ASCII text
Size
636 B (636 bytes)
Hash
987e35b3fd5ce6d6133e3cd759febc65
1fce8bb554fb649fe379330abedb809c32643a0b
38d565352217ff4565c1688ccd2808ed3b2692033bcf5666b85c8f49e3c637e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /estilos/jgrowl.css HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Fri, 17 Nov 2017 00:43:58 GMT
ETag: "870-55e2308334f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Content-Length: 636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

200.124.164.6:81/scripts/jgrowl.js

200.124.164.6

200 OK

2.8 kB

URL GET HTTP/1.1
200.124.164.6:81/scripts/jgrowl.js
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JavaScript source, ASCII text
Size
2.8 kB (2752 bytes)
Hash
e0f99b1dbd0ab827bc5c2a74cffcd09d
1c78af27e9c8b5f04d53d78ebc4fb20f8da24dc2
89c550168397d4ece3983d5ef5f8a70cf0feb0cab86ba263b099eb4c32e2b2cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/jgrowl.js HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 29 May 2017 13:15:30 GMT
ETag: "23a5-550a97b302080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Content-Length: 2752
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

200.124.164.6:81/scripts/AC_RunActiveContent.js

200.124.164.6

200 OK

1.1 kB

URL GET HTTP/1.1
200.124.164.6:81/scripts/AC_RunActiveContent.js
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1061 bytes)
Hash
ae56d02f42b582e11647155fef36ceda
0042f7798243c5258a68fdec9c311690275c4711
2eb0464eb6c8bdd06125cc5f1de7b6f7ed17d3c06a7634b49e99f3d58811ad10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/AC_RunActiveContent.js HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 12 Mar 2012 02:22:34 GMT
ETag: "d1f-4bb026a43ce80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Content-Length: 1061
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

200.124.164.6:81/scripts/hotsite.js

200.124.164.6

200 OK

1.7 kB

URL GET HTTP/1.1
200.124.164.6:81/scripts/hotsite.js
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
ISO-8859 text, with CRLF line terminators
Size
1.7 kB (1693 bytes)
Hash
8572480fede4c07314e70fa9f0c915d9
7f7b89c4e618d53ae5bdcb58e349dbc7b426b851
7d7116ee96c4e7a00a4e714c5b87d022ed36bb5a73b5669089fb2146256b517a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/hotsite.js HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 20 Nov 2017 01:03:02 GMT
ETag: "16d2-55e5fa5e97d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Content-Length: 1693
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

200.124.164.6:81/scripts/jquery.js

200.124.164.6

200 OK

80 kB

URL GET HTTP/1.1
200.124.164.6:81/scripts/jquery.js
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JavaScript source, ASCII text
Size
80 kB (79515 bytes)
Hash
a5b2a13f2dc62522d7e3da1a3d50c58d
d1235df56e172138685a2ac897057b39d412153b
260672b0e926ecd5eec148180ee6a15b8492a7c5b5249be802ddf6891c2aa049

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/jquery.js HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:04 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Sun, 19 Nov 2017 14:43:22 GMT
ETag: "415f6-55e56fdcfb680-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:04 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

200.124.164.6:81/imagens/img_web_bar.jpg

200.124.164.6

200 OK

1.9 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_web_bar.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 53x30, components 3
Size
1.9 kB (1885 bytes)
Hash
500c750768df94eb6257882333c16bee
6b74ed202580c61b8f59938b00cc61b3f70ed247
5e8042dd775bf705f6117716de32f89c3e34bf4b536b461035707d28b9feea8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_web_bar.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 10 Aug 2009 02:04:58 GMT
ETag: "75d-470c003492680"
Accept-Ranges: bytes
Content-Length: 1885
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/anatel.jpg

200.124.164.6

200 OK

9.5 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/anatel.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 194x27, components 3
Size
9.5 kB (9460 bytes)
Hash
94a89dad756d817f9ea3282bbd361c1b
ed7984cf1ff84b4ecd973026bc0c304a73d9dc89
281626deae049382786a1b30c14679c1ed386cbe42e2d89d71a12563a31dd978

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/anatel.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Tue, 08 Sep 2009 20:51:34 GMT
ETag: "24f4-4731721b82180"
Accept-Ranges: bytes
Content-Length: 9460
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_top_menu_serv.jpg

200.124.164.6

200 OK

1.9 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_top_menu_serv.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 165x20, components 3
Size
1.9 kB (1871 bytes)
Hash
19b8943f77dd1ac2a926368ec59bec80
513fd26d89b4006f90dd9f066594ddc400e3e331
7e34572bf5eb0880f9266cff81098384d5478dddd0af924ab27b7f7f9ece7be2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_top_menu_serv.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "74f-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 1871
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_not_title.gif

200.124.164.6

200 OK

848 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_not_title.gif
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
GIF image data, version 89a, 335 x 31
Size
848 B (848 bytes)
Hash
c381225246ed1ac6190ae593e5bd2f4d
4858052c75006089e756b02ef249028f418a94a0
2b42af95285a689331da170eac703bdeee232500afa078c02ded8eb9a430608c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_not_title.gif HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "350-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 848
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

200.124.164.6:81/imagens/img_top_menu_news.jpg

200.124.164.6

200 OK

2.1 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_top_menu_news.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 165x20, components 3
Size
2.1 kB (2064 bytes)
Hash
2c79ef0e4763a02f97e8a2e8f10665f3
7b5a363da30daf03410b7d4fb715bc5ee6c15d1c
884c35244672201afb565cc5df631174d9a3c47703f8c0cd4ff2f9b84fae8efd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_top_menu_news.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "810-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 2064
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/speedtest.jpg

200.124.164.6

200 OK

5.2 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/speedtest.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 165x122, components 3
Size
5.2 kB (5173 bytes)
Hash
0cf818d420a7c78764dd56b4f0242c6f
8663466d132739d97373ca338d012246b414edd2
3bc1b0b8720fcec7651154a1ee65bf1f346e04b1646556547b6281ed77ee93e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/speedtest.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 10 Jul 2017 21:53:21 GMT
ETag: "1435-553fd9c7fb640"
Accept-Ranges: bytes
Content-Length: 5173
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_border_fundo.png

200.124.164.6

200 OK

1.5 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_border_fundo.png
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
PNG image data, 745 x 54, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1508 bytes)
Hash
93ffb2be4f585de20980c8d8c52d369c
f63e5c2cb01d072f707934a16572a27167a3ec29
d87e14f27ce37f0feb02bd6b0c1a6c842b37a486cd622d4c5b5e61fa46c11245

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_border_fundo.png HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "5e4-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 1508
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

200.124.164.6:81/imagens/img_fund_sub_c.jpg

200.124.164.6

200 OK

369 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_fund_sub_c.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 15x31, components 3
Size
369 B (369 bytes)
Hash
15abe367a91640b324ea6e11fa2283ce
42bdd8c6084bf76877eee610486be61ec22507c6
31f1599252ab8721ce402473110781f93e67eaf24f9aafe6b8c0d564739754b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_fund_sub_c.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "171-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 369
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_fund_web_a.jpg

200.124.164.6

200 OK

368 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_fund_web_a.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 8x30, components 3
Size
368 B (368 bytes)
Hash
36df315250b0fba7a0c844957a2eccb7
21599e13edf3fc4eaf036e0b898139a5248ffb2a
7caaa9009bcd189a1f5e11de3ae9fdbe0675e4980998414445c3a9b885cb7bae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_fund_web_a.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "170-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 368
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/hr_dot_black_2.gif

200.124.164.6

200 OK

43 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/hr_dot_black_2.gif
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
GIF image data, version 89a, 3 x 1
Size
43 B (43 bytes)
Hash
f9fcba4a6594c25dd5b9b0d68dc36f04
27f730dff326a054274ff45b9bfc03f9a48f537d
522e113f0a499e1d34052d8e9585b61f0aaab4d6536cfec3e6b5bbffe17f2341

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/hr_dot_black_2.gif HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "2b-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

200.124.164.6:81/imagens/img_top_site_m_2.jpg

200.124.164.6

200 OK

19 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_top_site_m_2.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 727x45, components 3
Size
19 kB (18591 bytes)
Hash
1837fe45a160df655ca189485411ead8
9cc45c96840b950ae8eb0d2eed51e1362692c2f6
6473ff2a097bea120906ebfc7e026821616f52f3a5b4f919414f8811338a034a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_top_site_m_2.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 10 Aug 2009 02:29:58 GMT
ETag: "489f-470c05cb15580"
Accept-Ranges: bytes
Content-Length: 18591
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_fundo_rodape.jpg

200.124.164.6

200 OK

437 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_fundo_rodape.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 760x3, components 3
Size
437 B (437 bytes)
Hash
98dbd1db34e961534c5a195fdf591d5a
96f06ed8d99d463dee8bd8a90715403907b57cbe
b130f5429d950eba637191b6cb1d6ac265e3316a7634444e6670eccd4ca36c43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_fundo_rodape.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "1b5-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 437
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_senha_bar.jpg

200.124.164.6

200 OK

1.8 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_senha_bar.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 40x30, components 3
Size
1.8 kB (1821 bytes)
Hash
64e30aa12783d4784d4bf1aa0e12619c
8e18ab553c1c0163880d416a77086225cc4aa7d1
461588c1672f06fe38b2805bf103fb2952f4f7d1663caa390dde36ab2d3643e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_senha_bar.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 10 Aug 2009 02:02:02 GMT
ETag: "71d-470bff8cb9a80"
Accept-Ranges: bytes
Content-Length: 1821
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_banner.jpg

200.124.164.6

200 OK

4.9 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_banner.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 165x122, components 3
Size
4.9 kB (4914 bytes)
Hash
5342960dfdacd74d797d58409ede1fac
6841be20665f4e88a27d5284a46ca52918af72a1
9b7b97b9b9bdd354ec04d8bcb20c83a681dd598089eec99e96be661ec34516bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_banner.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Fri, 28 Aug 2009 21:56:36 GMT
ETag: "1332-4723ac20acd00"
Accept-Ranges: bytes
Content-Length: 4914
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_btn_ok_bar.jpg

200.124.164.6

200 OK

854 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_btn_ok_bar.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 29x30, components 3
Size
854 B (854 bytes)
Hash
c3e20af70c6ac230002431fb89cad759
4c7f0a1b60c7742d70d79d151c32a14208bee6f3
5f7e246c922a3fea5674ea3f87652ea85c350b7a85c2fb077eaf0edf08fa79e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_btn_ok_bar.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 27 Jul 2009 08:03:52 GMT
ETag: "356-46fab6508aa00"
Accept-Ranges: bytes
Content-Length: 854
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/bg7.jpg

200.124.164.6

200 OK

80 kB

URL GET HTTP/1.1
200.124.164.6:81/imagens/bg7.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1400x800, components 3
Size
80 kB (80143 bytes)
Hash
b23932edc8f10d8e2510905ece8bd443
7a7223c9b48667e0f12bcf0910b7295a9def96d5
4c095ad5f240b90070accfb8f7703adbb8403e53f30690e891c0958983664aef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/bg7.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Sun, 09 Aug 2009 07:42:52 GMT
ETag: "1390f-470b09dde7700"
Accept-Ranges: bytes
Content-Length: 80143
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

200.124.164.6:81/imagens/img_topo.jpg

200.124.164.6

200 OK

973 B

URL GET HTTP/1.1
200.124.164.6:81/imagens/img_topo.jpg
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 727x160, components 3
Size
973 B (973 bytes)
Hash
16e4182c536e7025114f491390f3a655
9c4010934b86c87bafa0a9829023f09093e4a0f9
812afee4d7434ba7dd6e7d5ca44371d1e2a33a4d3e25bcafa5494a869a0e224a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /imagens/img_topo.jpg HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:37:05 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Mon, 10 Aug 2009 02:39:38 GMT
ETag: "3cd-470c07f436e80"
Accept-Ranges: bytes
Content-Length: 973
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:37:05 GMT
MKAUTH: FILES
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

www.google.com/cse/static/images/1x/en/branding.png

142.250.74.164

200 OK

1.6 kB

URL GET HTTP/2
www.google.com/cse/static/images/1x/en/branding.png
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://200.124.164.6:81/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
PNG image data, 123 x 15, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1556 bytes)
Hash
9a63187ccc27d018cedb3a932f5aa9aa
5a59b006635e93492bfd06a5c26f8b6e4181dc71
6ca8050d203fbcb8613c5b13d0bf8cfccb60e97f82334702edd7a48d09489d68

HTTP Headers

GET /cse/static/images/1x/en/branding.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1556
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:49:20 GMT
expires: Fri, 02 May 2025 01:49:20 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 07 Dec 2023 21:00:00 GMT
content-type: image/png
age: 521250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

200.124.164.6:81/favicon.ico

200.124.164.6

404 Not Found

288 B

URL GET HTTP/1.1
200.124.164.6:81/favicon.ico
IP
200.124.164.6:81
ASN
#270277 Nexus Telecom

Requested by
http://200.124.164.6:81/

File type
HTML document, ASCII text
Size
288 B (288 bytes)
Hash
cc1f1906fafb17c51a63ce72918388f6
03d798e76c68c50908a10d5871fd02928be97967
d0502812b25b583df8c0d3216f195cc03e23d1ef020c88d75cc69a814782c70b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 200.124.164.6:81
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://200.124.164.6:81/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 02:37:06 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 288
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML