Report - 94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll

Report Overview

Visited public
2023-11-29 12:38:25
Tags
URL
94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
Finishing URL
94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
IP / ASN
94.142.138.114
#35196 Ihor Hosting LLC
Title
301 Moved

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
94.142.138.114	unknown	unknown	2023-11-27 20:18:38	2023-11-27 20:18:38	846 B	1.0 kB	94.142.138.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-29 12:38:11	medium	Client IP	94.142.138.114	ET INFO Dotted Quad Host DLL Request
2023-11-29 12:38:11	medium	Client IP	94.142.138.114	ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
2023-11-29 12:38:11	high	Client IP	94.142.138.114	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-29 12:38:11	high	Client IP	94.142.138.114	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-29 12:38:12	high	Client IP	94.142.138.114	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-29 12:38:12	high	Client IP	94.142.138.114	ThreatFox botnet C2 traffic (url - confidence level: 100%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-29	medium	94.142.138.114	Sinkholed
2023-11-29	medium	94.142.138.114	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll

94.142.138.114

194 B

URL User Request GET
94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
IP
94.142.138.114:0
ASN
#35196 Ihor Hosting LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
194 B (194 bytes)
Hash
d40062ed2924b41f9d244e95d7fd0818
7d2c1e0a8aa967eaac35e4013b0f787e11ec8a3a
60341eea7eaf8c16b91ca7eddb90ea1a255403e72e2e8386d0584fc8d9e1c542

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host DLL Request
suricata	medium	ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1
Host: 94.142.138.114
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 29 Nov 2023 12:38:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip

94.142.138.114/favicon.ico

94.142.138.114

200 OK

194 B

URL GET HTTP/1.1
94.142.138.114/favicon.ico
IP
94.142.138.114:80
ASN
#35196 Ihor Hosting LLC

Requested by
http://94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
194 B (194 bytes)
Hash
d40062ed2924b41f9d244e95d7fd0818
7d2c1e0a8aa967eaac35e4013b0f787e11ec8a3a
60341eea7eaf8c16b91ca7eddb90ea1a255403e72e2e8386d0584fc8d9e1c542

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 94.142.138.114
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://94.142.138.114/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 29 Nov 2023 12:38:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers