Overview

URL: 173.239.5.6/wpad.dat
IP: 173.239.5.6
ASN: AS27257 Webair Internet Development Company Inc.
Location: United States
Report completed: 2019-05-21 21:59:05 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                 Severity  Source IP  Destination IP  Alert
2019-05-21 21:58:30 CEST  3         Client IP  173.239.5.6     ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host              Comment
  2019-05-21        2         ww9.bustbuy.com/  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.239.5.6

Date                       UQ / IDS / BL  URL                                                  IP
2019-06-26 14:23:00 +0200  0 - 0 - 0      ezgifs.com/                                          173.239.5.6
2019-06-11 15:52:02 +0200  0 - 0 - 0      stockplanconnectmorganstanley.com                    173.239.5.6
2019-06-10 17:46:59 +0200  0 - 0 - 4      o2m7iu4jit.mxp4101.com/4084375ab49ebca226c8a2 (...)  173.239.5.6
2019-06-10 17:24:28 +0200  0 - 0 - 1      nuesamouau.com/2015                                  173.239.5.6
2019-06-10 15:00:58 +0200  0 - 1 - 4      kyle.mxp203.com/-HNq50lPyiiik8kH3clyCS5vNZ27d (...)  173.239.5.6
2019-06-10 15:00:54 +0200  0 - 0 - 4      z0g7ya1i0.com/DAG0PLrE8M5jUwC2Y2xrPTEuOCZiaWQ (...)  173.239.5.6
2019-06-10 14:42:41 +0200  0 - 0 - 4      a5lyric.a5zhukao.com/557                             173.239.5.6
2019-06-10 14:42:40 +0200  0 - 0 - 4      a5lyric.a5zhukao.com/nhh                             173.239.5.6
2019-06-10 14:42:40 +0200  0 - 0 - 4      a5lyric.a5zhukao.com/pjj                             173.239.5.6
2019-06-10 14:42:38 +0200  0 - 0 - 4      a5lyric.a5zhukao.com/h/haircut%20100/calling% (...)  173.239.5.6

Last 10 reports on ASN: AS27257 Webair Internet Development Company Inc.

Date                       UQ / IDS / BL  URL                                                  IP
2019-07-01 09:20:14 +0200  0 - 0 - 0      ladsblue.com                                         198.134.112.243
2019-06-30 17:07:04 +0200  0 - 0 - 0      vidsdelivery.com                                     198.134.112.244
2019-06-30 17:00:20 +0200  0 - 0 - 0      7hu8e1u001.com                                       198.134.112.241
2019-06-30 05:29:12 +0200  0 - 0 - 0      https://newaprads.com/vjrncnd0i                      198.134.112.241
2019-06-30 00:50:03 +0200  0 - 0 - 0      ladsblue.com                                         198.134.112.243
2019-06-30 00:44:10 +0200  0 - 0 - 0      pl12574102.puhtml.com/80/3f/af/803fafcd69c706 (...)  198.134.112.244
2019-06-27 15:06:52 +0200  0 - 0 - 0      exi8ef83z9.com                                       198.134.112.243
2019-06-27 13:13:46 +0200  0 - 0 - 0      https://mob.kaipirinhaloka.xyz/redirect?feed= (...)  198.134.116.30
2019-06-27 08:45:13 +0200  0 - 0 - 1      uod2quk646.com                                       198.134.112.241
2019-06-27 05:48:26 +0200  0 - 0 - 0      class2deal.com                                       198.134.112.242

No other reports on domain: 173.239.5.6.



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (5)


Transaction 1

Request (to 173.239.5.6):
GET /wpad.dat HTTP/1.1
Host: 173.239.5.6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 173.239.5.6):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx/1.14.2
Date: Tue, 21 May 2019 19:58:30 GMT
Content-Length: 161
Connection: keep-alive
Location: http://173.239.5.6/

--- Additional Info ---
Magic:  HTML document text
Size:   161
Md5:    b25d5e7ec72fe7c181c56fe286b44875
Sha1:   10f16139f7f5e07bd4a2f49ae4c1a407df5578b6
Sha256: 99d6333713dc294a4d960b71cbdecfcd89d57960c2715ceb2b289199b5fe9297

Alerts:
  IDS:
    - ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel
Transaction 2

Request (to 173.239.5.6):
GET / HTTP/1.1
Host: 173.239.5.6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 173.239.5.6):
HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Tue, 21 May 2019 19:58:30 GMT
Content-Length: 0
Connection: keep-alive
Location: http://ww9.bustbuy.com/

--- Additional Info ---
Transaction 3

Request (to ww9.bustbuy.com):
GET / HTTP/1.1
Host: ww9.bustbuy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 185.53.179.29):
HTTP/1.1 410 Gone
Content-Type: text/html
Server: nginx
Date: Tue, 21 May 2019 19:58:30 GMT
Content-Length: 152
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text
Size:   152
Md5:    f95b32e047fdd5fdf45faccd47927a0a
Sha1:   d736a1a36d0dff162080247a005f29156455d6a4
Sha256: ffe7a0f1f23ee4478db605fc9201d3b51d0a24c497a66376e72a38cf2f459d08

Alerts:
  Blacklists:
    - fortinet: Malware
Transaction 4

Request (to ww9.bustbuy.com):
GET /favicon.ico HTTP/1.1
Host: ww9.bustbuy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 185.53.179.29):
HTTP/1.1 410 Gone
Content-Type: text/html
Server: nginx
Date: Tue, 21 May 2019 19:58:30 GMT
Content-Length: 152
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text
Size:   152
Md5:    f95b32e047fdd5fdf45faccd47927a0a
Sha1:   d736a1a36d0dff162080247a005f29156455d6a4
Sha256: ffe7a0f1f23ee4478db605fc9201d3b51d0a24c497a66376e72a38cf2f459d08
Transaction 5

Request (to ww9.bustbuy.com):
GET /favicon.ico HTTP/1.1
Host: ww9.bustbuy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 185.53.179.29):
HTTP/1.1 410 Gone
Content-Type: text/html
Server: nginx
Date: Tue, 21 May 2019 19:58:33 GMT
Content-Length: 152
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text
Size:   152
Md5:    f95b32e047fdd5fdf45faccd47927a0a
Sha1:   d736a1a36d0dff162080247a005f29156455d6a4
Sha256: ffe7a0f1f23ee4478db605fc9201d3b51d0a24c497a66376e72a38cf2f459d08