Report - 41.216.183.208/Users_API/CryptersAndTools/file

Report Overview

Visited public
2024-06-28 13:04:11
Tags
URL
41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt
Finishing URL
41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt
IP / ASN
41.216.183.208
#211138 Private-Hosting di Cipriano oscar
Title
41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-27 18:12:05	1.6 kB	4.4 kB	23.36.76.249
41.216.183.208	unknown	unknown	2017-06-04 17:45:08	2019-09-15 21:24:30	820 B	33 kB	41.216.183.208

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-28	medium	41.216.183.208	Sinkholed
2024-06-28	medium	41.216.183.208	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10278
Expires: Fri, 28 Jun 2024 15:55:04 GMT
Date: Fri, 28 Jun 2024 13:03:46 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
116ef0f15d988075de9127b4d85aeeac
cd431538d40d2097891757fd0ca8c06b576051e9
7dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19283
Expires: Fri, 28 Jun 2024 18:25:09 GMT
Date: Fri, 28 Jun 2024 13:03:46 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
dbfa299a842ee43ec1a3fb8290fcda40
71bcd7b76e849c623cac83d913b31caafdb45344
f7914dbab79ce77341e0c1fe4a9e3defb687942fcd4b17c20ce7c19b315f39df

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F7914DBAB79CE77341E0C1FE4A9E3DEFB687942FCD4B17C20CE7C19B315F39DF"
Last-Modified: Thu, 27 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15349
Expires: Fri, 28 Jun 2024 17:19:35 GMT
Date: Fri, 28 Jun 2024 13:03:46 GMT
Connection: keep-alive

41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt

41.216.183.208

200 OK

1.4 kB

URL User Request GET HTTP/1.1
41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt
IP
41.216.183.208:80
ASN
#211138 Private-Hosting di Cipriano oscar

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (1441), with no line terminators
Size
1.4 kB (1444 bytes)
Hash
36b739d764f8848e5e0b1a7424b77b2b
c816da14129ced564e8d9e5cb4cb1f8023c9db95
fdb6ef8c9ed25897af84048caff4ef0738e20561c2734aa4f2add5b1e76358f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Users_API/CryptersAndTools/file_cldohf23.r3g.txt HTTP/1.1
Host: 41.216.183.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 28 Jun 2024 20:03:45 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Fri, 28 Jun 2024 01:53:26 GMT
ETag: "5a4-61be98368420e"
Accept-Ranges: bytes
Content-Length: 1444
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

41.216.183.208/favicon.ico

41.216.183.208

200 OK

31 kB

URL GET HTTP/1.1
41.216.183.208/favicon.ico
IP
41.216.183.208:80
ASN
#211138 Private-Hosting di Cipriano oscar

Requested by
http://41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt

File type
MS Windows icon resource - 3 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
Size
31 kB (30894 bytes)
Hash
6eb4a43cb64c97f76562af703893c8fd
c50c4273b9d2433c6069454f971ed6653e07c126
1d7c95c5eea00a8083a95810f902682f9e26e7fbb7876b022a403642d776d0c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 41.216.183.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://41.216.183.208/Users_API/CryptersAndTools/file_cldohf23.r3g.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 28 Jun 2024 20:03:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Thu, 16 Jul 2015 15:32:32 GMT
ETag: "78ae-51affc7a4c400"
Accept-Ranges: bytes
Content-Length: 30894
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13874
Expires: Fri, 28 Jun 2024 16:55:02 GMT
Date: Fri, 28 Jun 2024 13:03:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13874
Expires: Fri, 28 Jun 2024 16:55:02 GMT
Date: Fri, 28 Jun 2024 13:03:48 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers