Report - 13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0

Report Overview

Visited public
2023-11-04 08:36:16
Tags
URL
13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0
Finishing URL
13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0
IP / ASN
13.112.134.19
#16509 AMAZON-02
Title
13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
13.112.134.19:13800	unknown	unknown	No data	No data	867 B	44 kB	13.112.134.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-04	medium	13.112.134.19	Sinkholed
2023-11-04	medium	13.112.134.19	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0

13.112.134.19

200 OK

1.0 kB

URL User Request GET HTTP/1.1
13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0
IP
13.112.134.19:13800
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (4640), with no line terminators
Size
1.0 kB (1014 bytes)
Hash
40ca986c1b3c563cc0270696b64c9393
c8c7502e543421f81717abace449fb1278082183
9b1f7ea0516a9f6f1ff34518e9bf4fb2bbcb0696a1a4a859e305c9f5a43b0b85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0 HTTP/1.1
Host: 13.112.134.19:13800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Nov 2023 08:35:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.4.33
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpmbZOl4PC4VwCSAMm9uZmE%2BL2Agl6Htf6djmePSuEbnJG1Y9L0iUJh9WZhuU5KPI9dOINSWY1r%2FhCuS4G9s3iRT0yVGmYTrHuYv3DL%2BDVoT%2B7oRe8mWjDEiYYw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 820b86dafce63445-NRT
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Cache-Control: no-cache

13.112.134.19:13800/favicon.ico

13.112.134.19

200 OK

42 kB

URL GET HTTP/1.1
13.112.134.19:13800/favicon.ico
IP
13.112.134.19:13800
ASN
#16509 AMAZON-02

Requested by
http://13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0

File type
MS Windows icon resource - 10 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size
42 kB (41965 bytes)
Hash
9f472d155c0871b155cbdbd2c57fa75f
ef33a89a7b075b0f903d02d8adc344e0f128a244
b412287fa85b9b8a90caac544eb79461cf9baf61b1740e4be911f4726d04cb78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 13.112.134.19:13800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://13.112.134.19:13800/api/v1/client/subscribe?token=ce41d51e5664e57b9470f9061c1f61c0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Nov 2023 08:36:00 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
etag: W/"rze1lt4cor"
last-modified: Mon, 14 Aug 2023 15:56:17 GMT
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDQyg7MVePHYsC59HVJNRlTO6cckacBCMWJTo2dqcYz%2F%2FtErvzArCh90Qh6znO3sTssCQ8G04jEL9l9IbAV%2BqhIgolK%2FKHkHi6ZCyg5RoAeD4aNa%2B1Vt%2BJTkNHs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 820aefceccfaf64d-NRT
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Cache-Control: max-age=14400, no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers