Report - 12881288.com/update.txt

Report Overview

Visited public
2023-09-23 22:59:34
Tags
URL
12881288.com/update.txt
Finishing URL
12881288.com/update.txt
IP / ASN
104.143.9.110
#399522 TP
Title
12881288.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
12881288.com	unknown	2020-10-11	2019-07-25 00:17:24	2021-01-29 16:50:12	742 B	1.0 kB	104.143.9.111
63.141.249.30	unknown	unknown	2013-05-03 17:17:48	2018-01-17 06:43:43	440 B	435 B	63.141.249.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	63.141.249.30	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

12881288.com/update.txt

104.143.9.111

200 OK

300 B

URL User Request GET HTTP/1.1
12881288.com/update.txt
IP
104.143.9.111:80
ASN
#399522 TP

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
300 B (300 bytes)
Hash
81a2568d4220d5bd0cc1380d3bfd819e
97f18e697fa1a0bf3d1b5ba3340b0b27addbbb47
f0100c57042ec3b9b1fc4c06ce1fec2eae50655d72c04b3500c02e85d30ed931

HTTP Headers

GET /update.txt HTTP/1.1
Host: 12881288.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 22:59:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ==
Content-Encoding: gzip

12881288.com/favicon.ico

104.143.9.111

404 Not Found

146 B

URL GET HTTP/1.1
12881288.com/favicon.ico
IP
104.143.9.111:80
ASN
#399522 TP

Requested by
http://12881288.com/update.txt

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12881288.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://12881288.com/update.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 23 Sep 2023 22:59:18 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

63.141.249.30/12881288.com/update.txt

63.141.249.30

404 Not Found

221 B

URL GET HTTP/1.1
63.141.249.30/12881288.com/update.txt
IP
63.141.249.30:80
ASN
#33387 NOCIX

Requested by
http://12881288.com/update.txt

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
e7346b46ac7877345ba7a408d75a6328
2a5a5f754b00d86b9a0f8b4ab4f0fe18d556bbfd
4f71fb0ec4c270bef95b86fcba03fb686148e3151ba8272ced2973b7debb5730

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /12881288.com/update.txt HTTP/1.1
Host: 63.141.249.30
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://12881288.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 23 Sep 2023 22:59:17 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 221
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers