Report - 64.23.196.210:3000/

Report Overview

Submitted URL
64.23.196.210:3000/
IP
64.23.196.210
ASN
#0
Submitted
2024-05-02 22:48:59
Access
public
Website Title
Mythic
Final URL
64.23.196.210:3000/new/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
64.23.196.210:3000	unknown	unknown	No data	No data	2.2 kB	6.0 MB	64.23.196.210

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	64.23.196.210	Sinkholed
2024-05-02	medium	64.23.196.210	Sinkholed
2024-05-02	medium	64.23.196.210	Sinkholed
2024-05-02	medium	64.23.196.210	Sinkholed
2024-05-02	medium	64.23.196.210	Sinkholed
2024-05-02	medium	64.23.196.210	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	64.23.196.210:3000/new/static/js/main.ba207a79.js	5.7 MB	2024-05-03	2024-05-03
Pretty URL 64.23.196.210:3000/new/static/js/main.ba207a79.js IP 64.23.196.210 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 00:49:07 Last Seen2024-05-03 00:49:07 Times Seen2 Hash 228c6786b194f3983fc57d978d7900a2 591c3f8c96f692c2bc9b445b2df356d1736dc461 6fb40eca88ad282077c970488cc0c1104bf609af78bcafe562baba91bb7961c4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b326b5062b2f0e69046810717534cb09	4 B	2023-03-07	2024-05-17
Pretty Observations First Seen2023-03-07 01:03:44 Last Seen2024-05-17 11:56:01 Times Seen23975 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

HTTP Transactions (6)

URL IP Response Size

64.23.196.210:3000/

64.23.196.210

200 OK

585 B

URL User Request GET HTTP/1.1
64.23.196.210:3000/
IP
64.23.196.210:3000
ASN
#0

File type
HTML document, ASCII text, with very long lines (585), with no line terminators
Size
585 B (585 bytes)
Hash
d1c0b928584110b5d2120686376c3063
0c1475ce3a845dc66f053a8022b955ace27e59eb
292954502df7e56fec5d4b221fafb951d0fb97b4cd78dd00d99244e0e8361940

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:31 GMT
Content-Type: text/html
Content-Length: 585
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-249"
Accept-Ranges: bytes

64.23.196.210:3000/new/static/css/main.00d51b79.css

64.23.196.210

200 OK

53 kB

URL GET HTTP/1.1
64.23.196.210:3000/new/static/css/main.00d51b79.css
IP
64.23.196.210:3000
ASN
#0

Requested by
http://64.23.196.210:3000/

File type
ASCII text, with very long lines (52555)
Size
53 kB (52600 bytes)
Hash
dad850b9e114c80dc20be26b58217798
7f93d1402135f6c4c5dee5671ae5ad44316d73cb
071b264bdd9762c00507679472f232b3a97ee8ea40ce25b37ed37518331e3065

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/static/css/main.00d51b79.css HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.23.196.210:3000/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:32 GMT
Content-Type: text/css
Content-Length: 52600
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-cd78"
Accept-Ranges: bytes

64.23.196.210:3000/new/static/js/main.ba207a79.js

64.23.196.210

200 OK

5.7 MB

URL GET HTTP/1.1
64.23.196.210:3000/new/static/js/main.ba207a79.js
IP
64.23.196.210:3000
ASN
#0

Requested by
http://64.23.196.210:3000/

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
5.7 MB (5720744 bytes)
Hash
228c6786b194f3983fc57d978d7900a2
591c3f8c96f692c2bc9b445b2df356d1736dc461
6fb40eca88ad282077c970488cc0c1104bf609af78bcafe562baba91bb7961c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/static/js/main.ba207a79.js HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.23.196.210:3000/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:31 GMT
Content-Type: application/javascript
Content-Length: 5720744
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-574aa8"
Accept-Ranges: bytes

64.23.196.210:3000/new/favicon.ico

64.23.196.210

200 OK

22 kB

URL GET HTTP/1.1
64.23.196.210:3000/new/favicon.ico
IP
64.23.196.210:3000
ASN
#0

Requested by
http://64.23.196.210:3000/

File type
MS Windows icon resource - 1 icon, 80x66, 32 bits/pixel
Size
22 kB (21974 bytes)
Hash
6be63470c32ef458926abb198356006c
2107645c8482fb7a3c77a32e52680391752b14f5
3cbf2084fe1733debe21f33511754191ed8f46268d1a8a122a29cccfc7c969f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/favicon.ico HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.23.196.210:3000/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:34 GMT
Content-Type: image/x-icon
Content-Length: 21974
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-55d6"
Accept-Ranges: bytes

64.23.196.210:3000/new/logo192.png

64.23.196.210

200 OK

585 B

URL GET HTTP/1.1
64.23.196.210:3000/new/logo192.png
IP
64.23.196.210:3000
ASN
#0

Requested by
http://64.23.196.210:3000/

File type
HTML document, ASCII text, with very long lines (585), with no line terminators
Size
585 B (585 bytes)
Hash
d1c0b928584110b5d2120686376c3063
0c1475ce3a845dc66f053a8022b955ace27e59eb
292954502df7e56fec5d4b221fafb951d0fb97b4cd78dd00d99244e0e8361940

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/logo192.png HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.23.196.210:3000/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:34 GMT
Content-Type: text/html
Content-Length: 585
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-249"
Accept-Ranges: bytes

64.23.196.210:3000/new/static/media/mythic@2x.7c5b62b471ac779fd706.png

64.23.196.210

200 OK

188 kB

URL GET HTTP/1.1
64.23.196.210:3000/new/static/media/mythic@2x.7c5b62b471ac779fd706.png
IP
64.23.196.210:3000
ASN
#0

Requested by
http://64.23.196.210:3000/

File type
PNG image data, 1022 x 800, 8-bit/color RGBA, non-interlaced
Size
188 kB (188460 bytes)
Hash
f8e365b33ccb09c7189f2468913a2a72
f1a8e71ecf6373a83f190472c351460bf9f46404
adee74e01ab23fc0fed2d0d83b5f210dc5a598818772dc6f13212238a8554bb6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/static/media/mythic@2x.7c5b62b471ac779fd706.png HTTP/1.1
Host: 64.23.196.210:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://64.23.196.210:3000/new/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Thu, 02 May 2024 22:48:35 GMT
Content-Type: image/png
Content-Length: 188460
Last-Modified: Fri, 26 Apr 2024 23:11:19 GMT
Connection: keep-alive
ETag: "662c3497-2e02c"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers