Report - 163.123.143.126/netlog.sh

Report Overview

Submitted URL
163.123.143.126/netlog.sh
IP
163.123.143.126
ASN
#213035 Des Capital B.V.
Submitted
2023-04-21 21:06:55
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
objects.githubusercontent.com	134060		2021-11-01	2023-04-21	958 B	35 kB	185.199.109.133
163.123.143.126	unknown		No data	No data	389 B	3.6 kB	163.123.143.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-21 21:09:44	high	163.123.143.126	Client IP	ET HUNTING Observed Interesting Content-Type Inbound (application/x-sh)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-21	medium	163.123.143.126/netlog.sh

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-04-21	medium	163.123.143.126

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

objects.githubusercontent.com/github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream

185.199.109.133

34 kB

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream
IP
185.199.109.133:0
ASN
#54113 FASTLY

File type
data
Size
34 kB (34202 bytes)
Hash
d700bed64e49370ab5d11e96f2296341
22cc4a6f2f7e0ccd3d71b4288cbd962ba4b15d31
9ecb8c7403c058bdc558f6dbba7cc73d505239ad64e055775c4c109ab95ad633

HTTP Headers

GET /github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=99713024-
If-Match: "0x8DB3618A3AB09CE"
If-Unmodified-Since: Wed, 05 Apr 2023 20:59:25 GMT

HTTP/2 206 Partial Content
content-type: application/octet-stream
content-md5: bT7S+V6peEIoSc+7qVKFUg==
last-modified: Wed, 05 Apr 2023 20:59:25 GMT
etag: "0x8DB3618A3AB09CE"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 701ad634-501e-0045-0294-7434b6000000
x-ms-version: 2020-04-08
x-ms-creation-time: Wed, 05 Apr 2023 20:59:25 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=Electron.Fiddle-darwin-x64-0.32.2.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 123
content-range: bytes 99713024-99747225/99747226
date: Fri, 21 Apr 2023 21:06:41 GMT
x-served-by: cache-iad-kcgs7200165-IAD, cache-bma1683-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 0
x-timer: S1682111201.275218,VS0,VE99
content-length: 34202
X-Firefox-Spdy: h2

163.123.143.126/netlog.sh

163.123.143.126

200 OK

3.3 kB

URL User Request GET HTTP/1.1
163.123.143.126/netlog.sh
IP
163.123.143.126:80
ASN
#213035 Des Capital B.V.

File type
ASCII text
Size
3.3 kB (3277 bytes)
Hash
bc3bf0bc3d332a669a8ca1266476b77b
830eab5e5916ad4af790c5766cbea06d664d0ea9
692a5d099e37cd94923ea2b2014d79e6e613fb061a985069736dd3d55d4330c4

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

NIDS	Severity	Alert
suricata	high	ET HUNTING Observed Interesting Content-Type Inbound (application/x-sh)

HTTP Headers

GET /netlog.sh HTTP/1.1
Host: 163.123.143.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 21 Apr 2023 21:06:41 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Mon, 27 Mar 2023 03:43:23 GMT
ETag: "ccd-5f7d98b71acc0"
Accept-Ranges: bytes
Content-Length: 3277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-sh

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers