Report - 160.181.166.186:8888/svcyr.exe

Report Overview

Submitted URL
160.181.166.186:8888/svcyr.exe
IP
160.181.166.186
ASN
#0
Submitted
2024-05-05 16:57:25
Access
public
Website Title
160.181.166.186:8888/svcyr.exe
Final URL
160.181.166.186:8888/svcyr.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
160.181.166.186:8888	unknown	unknown	No data	No data	1.9 kB	92 kB	160.181.166.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	160.181.166.186	Sinkholed
2024-05-05	medium	160.181.166.186	Sinkholed
2024-05-05	medium	160.181.166.186	Sinkholed
2024-05-05	medium	160.181.166.186	Sinkholed
2024-05-05	medium	160.181.166.186	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	160.181.166.186:8888/?mode=jquery	107 kB	2023-03-09	2024-05-18
Pretty URL 160.181.166.186:8888/?mode=jquery IP 160.181.166.186 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 04:25:21 Last Seen2024-05-18 13:42:53 Times Seen677 Hash 9412724f1fb2c06aa53a9a75cd6d34c4 53c0f9e40695429ccc0e490977f85282744e53ba 6a1dadb5b03bd6c8cd4668c976e7fb89b7b2912c243810cb861c730295591ccd Loading...

	160.181.166.186:8888/svcyr.exe	0 B	2023-03-07	2024-05-18
Pretty URL 160.181.166.186:8888/svcyr.exe IP 160.181.166.186 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 21:47:17 Times Seen37801624 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	160.181.166.186:8888/~lib.js	24 kB	2023-04-15	2024-05-06
Pretty URL 160.181.166.186:8888/~lib.js IP 160.181.166.186 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-15 02:55:18 Last Seen2024-05-06 08:53:22 Times Seen615 Hash 429665aebf4da09b0ecec67d36ca4c67 ebc55559ec7ce0fe94ad2c6fe3f2f33a1de66954 b552db7e1eac5b418e46a454994692e4cb6ae67d0b2627710098be6ee8d26190 Loading...

HTTP Transactions (5)

URL IP Response Size

160.181.166.186:8888/~lib.js

160.181.166.186

200 OK

11 kB

URL GET HTTP/1.1
160.181.166.186:8888/~lib.js
IP
160.181.166.186:8888
ASN
#0

Requested by
http://160.181.166.186:8888/svcyr.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2620), with CRLF line terminators
Size
11 kB (10871 bytes)
Hash
429665aebf4da09b0ecec67d36ca4c67
ebc55559ec7ce0fe94ad2c6fe3f2f33a1de66954
b552db7e1eac5b418e46a454994692e4cb6ae67d0b2627710098be6ee8d26190

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /~lib.js HTTP/1.1
Host: 160.181.166.186:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.166.186:8888/svcyr.exe
Cookie: HFS_SID_=r0bZREEt5kAAAICRnOjPw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 10871
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: lib.js45349.9454281944
Content-Encoding: gzip

160.181.166.186:8888/svcyr.exe

160.181.166.186

429

14 kB

URL User Request GET HTTP/1.1
160.181.166.186:8888/svcyr.exe
IP
160.181.166.186:8888
ASN
#0

File type
HTML document, Unicode text, UTF-8 text, with very long lines (12344), with CRLF line terminators
Size
14 kB (14159 bytes)
Hash
9ffed218615985d3df6a7b4c0027361e
c34f9dc14f6f2236c526dad83cb49e5634a34e44
9f4c95a18e564354c6da55b32dd2073ae4482c1aff738365a11fd866f75e2342

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /svcyr.exe HTTP/1.1
Host: 160.181.166.186:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 429 
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
Set-Cookie: HFS_SID_=r0bZREEt5kAAAICRnOjPw; path=/; HttpOnly
ETag: f7f74d1624b4a2d50208023ac5dcbcc6
Last-Modified: Tue, 27 Feb 2024 14:43:29 GMT
Content-Encoding: gzip

160.181.166.186:8888/?mode=jquery

160.181.166.186

200 OK

44 kB

URL GET HTTP/1.1
160.181.166.186:8888/?mode=jquery
IP
160.181.166.186:8888
ASN
#0

Requested by
http://160.181.166.186:8888/svcyr.exe

File type
JavaScript source, ASCII text, with very long lines (32077)
Size
44 kB (43515 bytes)
Hash
9412724f1fb2c06aa53a9a75cd6d34c4
53c0f9e40695429ccc0e490977f85282744e53ba
6a1dadb5b03bd6c8cd4668c976e7fb89b7b2912c243810cb861c730295591ccd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?mode=jquery HTTP/1.1
Host: 160.181.166.186:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.166.186:8888/svcyr.exe
Cookie: HFS_SID_=r0bZREEt5kAAAICRnOjPw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 43515
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: jquery45349.945516331
Content-Encoding: gzip

160.181.166.186:8888/favicon.ico

160.181.166.186

200 OK

576 B

URL GET HTTP/1.1
160.181.166.186:8888/favicon.ico
IP
160.181.166.186:8888
ASN
#0

Requested by
http://160.181.166.186:8888/svcyr.exe

File type
GIF image data, version 89a, 16 x 16
Size
576 B (576 bytes)
Hash
9c3180a65d1ac3066055353e8b8b693e
15031554825c0aabbfdb1ce2c2756c479a7295d6
a37b97bab4af022ffea89ae28cba0d7a098bb2dadca53b770b16a2973f112845

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 160.181.166.186:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.166.186:8888/svcyr.exe
Cookie: HFS_SID_=r0bZREEt5kAAAICRnOjPw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 576
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7

160.181.166.186:8888/~style.css

160.181.166.186

200 OK

22 kB

URL GET HTTP/1.1
160.181.166.186:8888/~style.css
IP
160.181.166.186:8888
ASN
#0

Requested by
http://160.181.166.186:8888/svcyr.exe

File type

Size
22 kB (22311 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /~style.css HTTP/1.1
Host: 160.181.166.186:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.166.186:8888/svcyr.exe
Cookie: HFS_SID_=r0bZREEt5kAAAICRnOjPw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 13554
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: style.css45349.9454281944
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size