Overview

URL:              167.99.35.88/iydtfncfdlhtf
IP:               167.99.35.88 (Netherlands)
ASN:              #14061 DIGITALOCEAN-ASN
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access:           public
Report completed: 2023-05-26 13:50:13 UTC
IDS alerts:       1
Blocklist alerts: 2
urlquery alerts:  2
  - Malware - Sinkholed domain
Tags:             sinkhole malware

Domain Summary (1)

Fully Qualified Domain Name  Rank  First Seen           Last Seen            Sent bytes  Received bytes  IP            Comment
167.99.35.88 (1)             0     2021-03-31 09:43:20  2023-05-24 08:17:43  398         122             167.99.35.88

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp                Severity  Source IP     Destination IP  Alert
2023-05-26 13:50:06 UTC  high      167.99.35.88  Client IP       ET MALWARE Known Sinkhole Response Header

Blocklists

OpenPhish
No alerts detected

PhishTank
No alerts detected

Fortinet's Web Filter
Scan Date   Severity  Indicator                    Comment
2023-05-26  medium    167.99.35.88/iydtfncfdlhtf   Malware

mnemonic secure dns
No alerts detected

Quad9 DNS
Scan Date   Severity  Indicator      Comment
2023-05-26  medium    167.99.35.88   Sinkholed

ThreatFox
No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 167.99.35.88
Date                     UQ / IDS / BL  URL                           IP
2023-06-04 01:01:02 UTC  3 - 1 - 4      vojyqem.com/YglfZ/login.php/  167.99.35.88
2023-06-04 01:00:54 UTC  3 - 1 - 4      vojyqem.com/YglfZ/login.php   167.99.35.88
2023-06-04 00:57:38 UTC  3 - 1 - 4      vojyqem.com/RUjjZ/login.php/  167.99.35.88
2023-06-04 00:57:31 UTC  3 - 1 - 4      vojyqem.com/RUjjZ/login.php   167.99.35.88
2023-06-04 00:56:53 UTC  3 - 1 - 4      vojyqem.com/PTjbZ/login.php   167.99.35.88

Last 5 reports on ASN: DIGITALOCEAN-ASN
Date                     UQ / IDS / BL  URL                                                   IP
2023-06-04 01:31:11 UTC  0 - 0 - 82     etransit.courier-integrator.com/                      178.128.84.23
2023-06-04 01:25:15 UTC  0 - 1 - 0      www.tecnologicojoyabaj.edu.gt/Ftpuserns/desca (...)   159.65.252.226
2023-06-04 01:22:02 UTC  0 - 0 - 2      206.189.140.50/kabospy/five/PvqDq929BSx_A_D_M (...)   206.189.140.50
2023-06-04 01:21:44 UTC  0 - 0 - 2      206.189.140.50/kabospy/five/fre.php/                  206.189.140.50
2023-06-04 01:01:02 UTC  3 - 1 - 4      vojyqem.com/YglfZ/login.php/                          167.99.35.88

Last 5 reports on domain: 167.99.35.88
Date                     UQ / IDS / BL  URL                          IP
2023-06-03 06:34:27 UTC  2 - 1 - 1      167.99.35.88/adwhenxnc       167.99.35.88
2023-05-31 16:44:03 UTC  2 - 1 - 1      167.99.35.88/ofjcbwvalv      167.99.35.88
2023-05-26 13:50:13 UTC  2 - 1 - 2      167.99.35.88/iydtfncfdlhtf   167.99.35.88
2023-05-24 16:57:41 UTC  2 - 1 - 2      167.99.35.88/ukcvmpvijtet    167.99.35.88
2023-05-24 16:35:37 UTC  2 - 1 - 2      167.99.35.88/vvpx            167.99.35.88

Last 5 reports with similar screenshot
Date                     UQ / IDS / BL  URL                                                   IP
2023-06-04 01:37:55 UTC  0 - 2 - 0      f0596373.xsph.ru/                                     141.8.197.42
2023-06-04 01:31:15 UTC  0 - 5 - 0      www.irbis-nbuv.gov.ua/cgi-bin/irbis64r_81/cgi (...)   194.44.11.130
2023-06-04 01:31:12 UTC  0 - 3 - 0      irbis-nbuv.gov.ua/cgi-bin/irbis_low/cgiirbis_ (...)   194.44.11.130
2023-06-04 01:31:01 UTC  0 - 3 - 1      107.189.2.31/Violet.x86                               107.189.2.31
2023-06-04 01:28:08 UTC  0 - 3 - 1      107.189.2.31/Violet.sh                                107.189.2.31

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (1)

Request

GET /iydtfncfdlhtf HTTP/1.1
Host: 167.99.35.88
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

Response (167.99.35.88)

HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 26 May 2023 13:49:56 GMT
Connection: keep-alive
X-Sinkhole: Malware


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

urlquery:
  - Malware - Sinkholed domain
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
IDS:
  - ET MALWARE Known Sinkhole Response Header