Report - clashofclans.bplaced.net/sqlite3.dll

Report Overview

Submitted URL
clashofclans.bplaced.net/sqlite3.dll
IP
162.55.0.137
ASN
#24940 Hetzner Online GmbH
Submitted
2023-06-02 02:38:30
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
clashofclans.bplaced.net	unknown	2007-09-05	2015-04-01	2019-04-18	900 B	4.3 kB	162.55.0.137
www.bplaced.net	unknown	2007-09-05	2012-06-26	2023-06-02	2.8 kB	113 kB	162.55.0.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 02:38:12	medium	Client IP	162.55.0.137	ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
2023-06-02 02:38:16	low	162.55.0.137	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	clashofclans.bplaced.net/sqlite3.dll	0 B	2023-03-07	2024-04-20
Pretty URL clashofclans.bplaced.net/sqlite3.dll IP 162.55.0.137 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 17:42:02 Times Seen36975600 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (8)

URL IP Response Size

clashofclans.bplaced.net/sqlite3.dll

162.55.0.137

403 Forbidden

1.7 kB

URL User Request GET HTTP/1.1
clashofclans.bplaced.net/sqlite3.dll
IP
162.55.0.137:80
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (669)
Size
1.7 kB (1716 bytes)
Hash
c377971577c4f07c49c74f6804b17a63
a06710fb36c0efd876316bff0169ea3e4365caad
c47e247b6c246dd4ebd12327d7db924ed6fc17859c38b9d0fa368408beaf3b32

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

HTTP Headers

GET /sqlite3.dll HTTP/1.1
Host: clashofclans.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
x-bp-nsa-reqid: (null) a.14UID=453
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Sat, 08 Oct 2022 17:29:29 GMT
etag: "1bbf-5ea8944ceff23-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1716
content-type: text/html
date: Fri, 02 Jun 2023 02:38:12 GMT
server: Apache
X-Firefox-Spdy: h2

clashofclans.bplaced.net/sqlite3.dll

162.55.0.137

403 Forbidden

1.7 kB

URL User Request GET HTTP/1.1
clashofclans.bplaced.net/sqlite3.dll
IP
162.55.0.137:80
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (669)
Size
1.7 kB (1716 bytes)
Hash
c377971577c4f07c49c74f6804b17a63
a06710fb36c0efd876316bff0169ea3e4365caad
c47e247b6c246dd4ebd12327d7db924ed6fc17859c38b9d0fa368408beaf3b32

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

HTTP Headers

GET /sqlite3.dll HTTP/1.1
Host: clashofclans.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 02 Jun 2023 02:38:13 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=272
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 08 Oct 2022 17:29:29 GMT
ETag: "1bbf-5ea8944ceff23-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1716
Keep-Alive: timeout=4, max=500
Content-Type: text/html

www.bplaced.net/css/error.css

162.55.0.137

200 OK

3.7 kB

URL GET HTTP/2
www.bplaced.net/css/error.css
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
ASCII text, with very long lines (16767), with no line terminators
Size
3.7 kB (3745 bytes)
Hash
2ef56c3bd3aaa724661d80228914e17c
6ae27642cd16aa84b8f4c6c7f5eeacf0f6266278
3c716474a426f71aac76bccf441f759ecf53c8a4ca07ac902459b5f501fb6aa0

HTTP Headers

GET /css/error.css HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clashofclans.bplaced.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=769
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Mon, 17 Apr 2023 04:14:31 GMT
etag: "417f-5f9806d7ae5b9-gzip"
accept-ranges: bytes
cache-control: max-age=7200
expires: Fri, 02 Jun 2023 04:38:13 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-ua-compatible: IE=Edge,chrome=1
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net; style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *;
content-length: 3745
content-type: text/css
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.bplaced.net/gfx/emblem_b_xs.png

162.55.0.137

200 OK

2.1 kB

URL GET HTTP/2
www.bplaced.net/gfx/emblem_b_xs.png
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
PNG image data, 87 x 80, 8-bit/color RGB, non-interlaced\012- data
Size
2.1 kB (2064 bytes)
Hash
8b98f503aa5060a4e75d0fd6268528c3
e219138ca8aad32ab31d84e736d941a7e02b6398
d5049a8ae695852a6244bdc0ab6b69e11c016e8fb4b116ee8aea599f2ffbf086

HTTP Headers

GET /gfx/emblem_b_xs.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clashofclans.bplaced.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=354
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Mon, 16 Jan 2023 10:20:42 GMT
etag: "810-5f25eef85024d"
accept-ranges: bytes
content-length: 2064
cache-control: max-age=7200
expires: Fri, 02 Jun 2023 04:38:13 GMT
x-ua-compatible: IE=Edge,chrome=1
vary: User-Agent
content-type: image/png
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.bplaced.net/gfx/error.jpeg

162.55.0.137

200 OK

67 kB

URL GET HTTP/2
www.bplaced.net/gfx/error.jpeg
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=bplaced, copyright=bplaced], comment: "(c) bplaced", baseline, precision 8, 734x421, components 3\012- data
Size
67 kB (67411 bytes)
Hash
d8e461fb203971e359e8932334d21a14
4a8bea6b37aa7c35ae42ffb9ca419c4308e6ab80
fa4b417e2133117565c216db3a4e9372e83d9116349c2f4bc1f015dd5b85701c

HTTP Headers

GET /gfx/error.jpeg HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.bplaced.net/css/error.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=201
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Sat, 08 Oct 2022 17:29:29 GMT
etag: "10753-5ea8944cf8bc4"
accept-ranges: bytes
content-length: 67411
cache-control: max-age=7200
expires: Fri, 02 Jun 2023 04:38:13 GMT
x-ua-compatible: IE=Edge,chrome=1
vary: User-Agent
content-type: image/jpeg
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.bplaced.net/fonts/opensans-semibold.ttf

162.55.0.137

200 OK

21 kB

URL GET HTTP/2
www.bplaced.net/fonts/opensans-semibold.ttf
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
TrueType Font data, 19 tables, 1st "FFTM", 30 names, Macintosh\012- data
Size
21 kB (20754 bytes)
Hash
09342995dee65977ca9ca4b6c169db10
1f528b0e2fda50194f5535b4aae9135d09088c45
29c5594bd8ff46379b4e16eb47e86609acf07d86c7f705933b53239fcb448839

HTTP Headers

GET /fonts/opensans-semibold.ttf HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clashofclans.bplaced.net
DNT: 1
Connection: keep-alive
Referer: https://www.bplaced.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=1454
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Sat, 08 Oct 2022 17:29:29 GMT
etag: "8188-5ea8944cf1e64-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-ua-compatible: IE=Edge,chrome=1
access-control-allow-origin: *
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net; style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *;
content-length: 20754
content-type: font/ttf
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.bplaced.net/apple-touch-icon.png

162.55.0.137

200 OK

14 kB

URL GET HTTP/2
www.bplaced.net/apple-touch-icon.png
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14030 bytes)
Hash
6e5bf6eb29acf4dbaeefb394df1891dd
c0efbf92b0f137491f6b41c12a04ad6de3e4d803
212e03824eb9396762716406c4c2fb9579e3f06cdd59d3f24d186ee7ab568ecc

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clashofclans.bplaced.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=264
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Sat, 08 Oct 2022 17:32:41 GMT
etag: "36ce-5ea89503d99c5"
accept-ranges: bytes
content-length: 14030
cache-control: max-age=7200
expires: Fri, 02 Jun 2023 04:38:13 GMT
x-ua-compatible: IE=Edge,chrome=1
vary: User-Agent
content-type: image/png
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.bplaced.net/favicon-16x16.png

162.55.0.137

200 OK

993 B

URL GET HTTP/2
www.bplaced.net/favicon-16x16.png
IP
162.55.0.137:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clashofclans.bplaced.net/sqlite3.dll
Certificate
IssuerLet's Encrypt
Subjectbplaced.net
Fingerprint20:A7:17:28:98:5A:14:DB:85:B6:42:49:8A:43:BE:08:E7:26:48:61
ValidityThu, 01 Jun 2023 22:00:21 GMT - Wed, 30 Aug 2023 22:00:20 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
993 B (993 bytes)
Hash
1b5b251b2dbd0683c3ed1bb88d49105f
e4f97745a121662bc67f4a52fd536eeb795fc180
74f4659871fad068eeeee21f03a3f3241f7016f006e16019a8df59b102e4fe05

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clashofclans.bplaced.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-bp-nsa-reqid: (null) a.14UID=197
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Sat, 08 Oct 2022 17:32:41 GMT
etag: "3e1-5ea89503de7e6"
accept-ranges: bytes
content-length: 993
cache-control: max-age=7200
expires: Fri, 02 Jun 2023 04:38:13 GMT
x-ua-compatible: IE=Edge,chrome=1
vary: User-Agent
content-type: image/png
date: Fri, 02 Jun 2023 02:38:13 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN