Report - public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi

Report Overview

Visited public
2025-01-25 19:56:10
Tags
Submit Tags
URL
public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi
Finishing URL
public.ct.ws/error.html
IP / ASN
185.27.134.221
#34119 Wildcard UK Limited
Title
Waverly

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-01-22	348 B	960 B	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-01-22	441 B	24 kB	142.250.74.35
public.ct.ws	unknown	2024-11-01	2025-01-25	2025-01-25	3.1 kB	22 kB	185.27.134.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed
2025-01-25	medium	ct.ws	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi

185.27.134.221

200 OK

888 B

URL
public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi
IP
185.27.134.221:0
ASN
#34119 Wildcard UK Limited

File type
HTML document, ASCII text, with very long lines (888), with no line terminators
Size
888 B (888 bytes)
Hash
055899125f3c0f9ad81f0b7da4ee444b
eef1f93ab9f4260d4a2dd0ee08b359c987072bdf
d7dff4933ad7a92b30a57aa4904acbc2ab7bc39fdc14b8559b4a2feef917c76d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jan 2025 19:55:44 GMT
Content-Type: text/html
Content-Length: 888
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

public.ct.ws/aes.js

185.27.134.221

200 OK

14 kB

URL
public.ct.ws/aes.js
IP
185.27.134.221:0
ASN
#34119 Wildcard UK Limited

File type
ASCII text, with very long lines (13733), with no line terminators
Size
14 kB (13733 bytes)
Hash
fc66e046447092c606f2587837f96874
fcf354a8044f494ee1f9fe868dde3f570f50e593
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aes.js HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: application/javascript
Content-Length: 13733
Last-Modified: Sun, 15 Oct 2023 16:54:07 GMT
Connection: keep-alive
ETag: "652c192f-35a5"
Accept-Ranges: bytes

GET public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi?i=1

185.27.134.221

302 Found

214 B

URL User Request GET HTTP/1.1
public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi?i=1
IP
185.27.134.221:80
ASN
#34119 Wildcard UK Limited

File type
HTML document, ASCII text
Size
214 B (214 bytes)
Hash
a4fd5e2e129163c7903936070b61a5a3
2b775c79712dc06d70cc15ff2cb605c310084fe9
17f56d52121515b26550e00190315f13bface21cadd9b8253c8dbafca4f7887b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi?i=1 HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi
DNT: 1
Connection: keep-alive
Cookie: __test=f1f799e75b56d702a7048703ec0e79c6
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 214
Connection: keep-alive
Location: http://public.ct.ws/error.html
Cache-Control: max-age=0
Expires: Sat, 25 Jan 2025 19:55:45 GMT

GET public.ct.ws/error.html

185.27.134.221

200 OK

1.8 kB

URL User Request GET HTTP/1.1
public.ct.ws/error.html
IP
185.27.134.221:80
ASN
#34119 Wildcard UK Limited

File type
HTML document, ASCII text, with very long lines (332)
Size
1.8 kB (1840 bytes)
Hash
9c460325c4b0acb1932c1102b1277293
0816d0e5858be4e56c5fb8531581d5e66d3adbb7
69647d30034aba2b3f903b8a08e7fd51c7119bdc8e448cb5b1178e6198693fd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /error.html HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://public.ct.ws/NOVALAUNCHERDOWNLOAD_799f7cb55e4623e595d77c7868507cdc/NL-2024.msi
DNT: 1
Connection: keep-alive
Cookie: __test=f1f799e75b56d702a7048703ec0e79c6
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1840
Connection: keep-alive
Last-Modified: Thu, 12 Dec 2024 20:23:26 GMT
ETag: "730-629187c98e89e"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Mon, 24 Feb 2025 19:55:45 GMT

GET public.ct.ws/style.css

185.27.134.221

200 OK

1.8 kB

URL GET HTTP/1.1
public.ct.ws/style.css
IP
185.27.134.221:80
ASN
#34119 Wildcard UK Limited

Requested by
http://public.ct.ws/error.html

File type
ASCII text
Size
1.8 kB (1760 bytes)
Hash
6660a7a32f82601dfba08b352719a8bd
8ff0aa7f3401a2be742ca6e580108d79b33f4834
f8a820a39cadf93fd54f6b17d4e40487fd0b5e56bdaaf2d557bceab9f2528f5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style.css HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://public.ct.ws/error.html
Cookie: __test=f1f799e75b56d702a7048703ec0e79c6
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: text/css
Content-Length: 1760
Connection: keep-alive
Last-Modified: Thu, 12 Dec 2024 20:23:26 GMT
ETag: "6e0-629187c96dd29"
Cache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate
Expires: Mon, 24 Feb 2025 19:55:45 GMT
Accept-Ranges: bytes

GET fonts.googleapis.com/css?family=Lato:300:400

142.250.74.10

200 OK

369 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Lato:300:400
IP
142.250.74.10:80
ASN
#15169 GOOGLE

Requested by
http://public.ct.ws/error.html

File type
ASCII text
Size
369 B (369 bytes)
Hash
1ac57eccb9c97841e9518b4b50efca17
9058a38e73a2d3d6779ef0a376eee3f12dbefaef
775d805084aab9f419e5fd612d055f666d0208661e684cec9d15f8b6b0f86e82

HTTP Headers

GET /css?family=Lato:300:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://public.ct.ws/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 25 Jan 2025 19:55:45 GMT
Date: Sat, 25 Jan 2025 19:55:45 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

GET fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2

142.250.74.35

200 OK

23 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP
142.250.74.35:80
ASN
#15169 GOOGLE

Requested by
http://public.ct.ws/error.html

File type
Web Open Font Format (Version 2), TrueType, length 23236, version 1.0
Size
23 kB (23236 bytes)
Hash
716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://public.ct.ws
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 Jan 2025 10:11:32 GMT
Expires: Fri, 23 Jan 2026 10:11:32 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 02 May 2023 15:08:26 GMT
Content-Type: font/woff2
Age: 207853

GET public.ct.ws/favicon.ico

185.27.134.221

302 Found

214 B

URL GET HTTP/1.1
public.ct.ws/favicon.ico
IP
185.27.134.221:80
ASN
#34119 Wildcard UK Limited

Requested by
http://public.ct.ws/error.html

File type
HTML document, ASCII text
Size
214 B (214 bytes)
Hash
a4fd5e2e129163c7903936070b61a5a3
2b775c79712dc06d70cc15ff2cb605c310084fe9
17f56d52121515b26550e00190315f13bface21cadd9b8253c8dbafca4f7887b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://public.ct.ws/error.html
Cookie: __test=f1f799e75b56d702a7048703ec0e79c6
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 214
Connection: keep-alive
Location: http://public.ct.ws/error.html
Cache-Control: max-age=2592000
Expires: Mon, 24 Feb 2025 19:55:45 GMT

GET public.ct.ws/error.html

185.27.134.221

200 OK

1.8 kB

URL User Request GET HTTP/1.1
public.ct.ws/error.html
IP
185.27.134.221:80
ASN
#34119 Wildcard UK Limited

File type
HTML document, ASCII text, with very long lines (332)
Size
1.8 kB (1840 bytes)
Hash
9c460325c4b0acb1932c1102b1277293
0816d0e5858be4e56c5fb8531581d5e66d3adbb7
69647d30034aba2b3f903b8a08e7fd51c7119bdc8e448cb5b1178e6198693fd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /error.html HTTP/1.1
Host: public.ct.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://public.ct.ws/error.html
DNT: 1
Connection: keep-alive
Cookie: __test=f1f799e75b56d702a7048703ec0e79c6
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jan 2025 19:55:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1840
Connection: keep-alive
Last-Modified: Thu, 12 Dec 2024 20:23:26 GMT
ETag: "730-629187c98e89e"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Mon, 24 Feb 2025 19:55:45 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1