Report - m8ycv1pmsk.u49xs3jwegd.com

Report Overview

Visited public
2023-12-06 16:04:29
Tags
URL
m8ycv1pmsk.u49xs3jwegd.com
Finishing URL
au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R
IP / ASN
35.86.198.224
#16509 AMAZON-02
Title
★HEAT★

Detections

urlquery

0

Network Intrusion Detection

11

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m8ycv1pmsk.u49xs3jwegd.com	unknown	unknown	No data	No data	409 B	337 B	35.86.198.224
au-he.biz	unknown	2022-12-11	2023-05-11 22:14:59	2023-12-03 16:13:05	2.0 kB	2.1 kB	103.30.252.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-06 16:04:18	high	35.86.198.224	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2023-12-06 16:04:19	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:19	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:20	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:21	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:21	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:24	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-06 16:04:25	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

	URL	IP	Response	Size
	m8ycv1pmsk.u49xs3jwegd.com/	35.86.198.224	302 Found	1 B
URL User Request GET HTTP/1.1 m8ycv1pmsk.u49xs3jwegd.com/ IP 35.86.198.224:80 ASN #16509 AMAZON-02 File type very short file (no magic) Size 1 B (1 bytes) Hash 7215ee9c7d9dc229d2921a40e899ec5f b858cb282617fb0956d960215c8e84d1ccf909c6 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 HTTP Headers `GET / HTTP/1.1 Host: m8ycv1pmsk.u49xs3jwegd.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Date: Wed, 06 Dec 2023 16:04:12 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 X-Powered-By: PHP/5.4.16 Location: http://au-he.biz/zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8`

	au-he.biz/zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R	103.30.252.35	302 Found	231 B
URL User Request GET HTTP/1.1 au-he.biz/zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R IP 103.30.252.35:80 ASN #0 File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 231 B (231 bytes) Hash c1276aa41c2c2e519c1281054c8b771c 19ddff5d7952409232f7e979deed4be7cac7dc66 0a8538be9e1c727cae02d2f05a3767d3fbe91125e74a14e4b74ee10d98d474f2 HTTP Headers `GET /zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R HTTP/1.1 Host: au-he.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Date: Wed, 06 Dec 2023 16:04:15 GMT Location: http://au-he.biz/jump/?code=zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 231 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1`

	au-he.biz/jump/?code=zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R	103.30.252.35	302 Moved Temporarily	20 B
URL User Request GET HTTP/1.1 au-he.biz/jump/?code=zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R IP 103.30.252.35:80 ASN #0 File type gzip compressed data, from Unix\012- data Size 20 B (20 bytes) Hash 7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2 HTTP Headers `GET /jump/?code=zNiBP/pIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R HTTP/1.1 Host: au-he.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Moved Temporarily Date: Wed, 06 Dec 2023 16:04:16 GMT Server: Apache Location: http://au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R Content-Type: text/html;charset=ISO-8859-1 Set-Cookie: JSESSIONID=80C1F3E973C46FC3D99DF4AC5F0A40D9; Path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive`

	au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R	103.30.252.35	200 OK	489 B
URL User Request GET HTTP/1.1 au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R IP 103.30.252.35:80 ASN #0 File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text Size 489 B (489 bytes) Hash 1e4b8cd769f97c0b7f28f0da279e2619 942574335a138422b80f271f9d75aa8d128a709c db4c6e51ac1ab1652c8ad72707d5a7aa3a2cd9ce0641c1a48ed8687bf2f35e5d HTTP Headers GET /confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R HTTP/1.1 Host: au-he.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Cookie: JSESSIONID=80C1F3E973C46FC3D99DF4AC5F0A40D9 Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Wed, 06 Dec 2023 16:04:18 GMT Server: Apache Content-Type: text/html;charset=UTF-8 Content-Language: ja-JP Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Transfer-Encoding: chunked`

	au-he.biz/favicon.ico	103.30.252.35	404 Not Found	22 B
URL GET HTTP/1.1 au-he.biz/favicon.ico IP 103.30.252.35:80 ASN #0 Requested by http://au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R File type ASCII text, with no line terminators Size 22 B (22 bytes) Hash 23b58def11b45727d3351702515f86af 099600a10a944114aac406d136b625fb416dd779 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28 HTTP Headers GET /favicon.ico HTTP/1.1 Host: au-he.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://au-he.biz/confirm/;jsessionid=80C1F3E973C46FC3D99DF4AC5F0A40D9?url=%2Fjump%2F%3Fcode%3DzNiBP%2FpIWnFVqGCEBUoGUqzWiFTooPqDUjzQqFywCYpKD2R Cookie: JSESSIONID=80C1F3E973C46FC3D99DF4AC5F0A40D9 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 404 Not Found Date: Wed, 06 Dec 2023 16:04:19 GMT Server: Apache Content-Type: text/html;charset=ISO-8859-1 Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 22 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive`