Report - xn--lfkvist-90a.eu/

Report Overview

Submitted URL
xn--lfkvist-90a.eu/
IP
81.169.145.163
ASN
#6724 Strato AG
Submitted
2023-05-27 12:40:10
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xn--lfkvist-90a.eu	unknown	unknown	No data	No data	391 B	485 B	81.169.145.163
68.219.123.162	unknown	unknown	No data	No data	1.4 kB	3.9 kB	68.219.123.162
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-05-27	431 B	28 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2023-05-27	949 B	57 kB	151.101.65.229
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-05-27	358 B	1.9 kB	104.18.20.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-27 12:39:52	medium	81.169.145.163	Client IP	ET INFO TLS Handshake Failure
2023-05-27 12:39:52	medium	81.169.145.163	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-27	medium	68.219.123.162
2023-05-27	medium	68.219.123.162
2023-05-27	medium	68.219.123.162
2023-05-27	medium	68.219.123.162

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 09:51:32 Times Seen105827 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js	80 kB	2023-03-08	2024-04-24
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:09 Last Seen2024-04-24 09:31:15 Times Seen1343 Hash d2b0d31f74e62440ea1a557f126d0c64 5c8f6cb983397deb65673b961a8657cfd6113ad9 c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00 Loading...

HTTP Transactions (9)

URL IP Response Size

xn--lfkvist-90a.eu/

81.169.145.163

301 Moved Permanently

230 B

URL User Request GET HTTP/1.1
xn--lfkvist-90a.eu/
IP
81.169.145.163:80
ASN
#6724 Strato AG

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
230 B (230 bytes)
Hash
677110fe227ce9ead9c89ae3d3cfdd87
946ab9e5de1c93d70a7a243ff0c26136529e7e02
90ae949df257273c986ae37e87cb02adcd6039e4e99c049c2e26f82a54aa0788

HTTP Headers

GET / HTTP/1.1
Host: xn--lfkvist-90a.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sat, 27 May 2023 12:39:53 GMT
Server: Apache/2.4.57 (Unix)
Location: http://68.219.123.162/
Content-Length: 230
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

68.219.123.162/

68.219.123.162

200 OK

1.6 kB

URL User Request GET HTTP/1.1
68.219.123.162/
IP
68.219.123.162:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1607 bytes)
Hash
41678818832b0e9e42af1c63b79d9dcb
06b664e33531befd11d598ebfd23fdd0a43f0773
6722a6107f8a4bb61fbac48090302c6a0c2e124a5492deea354029d3758cfbe3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 68.219.123.162
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 27 May 2023 12:39:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1607
Connection: keep-alive

cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

104.17.24.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://68.219.123.162/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
27 kB (27433 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 May 2023 12:39:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27433
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 159554
expires: Thu, 16 May 2024 12:39:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nq%2BHGRTloLAwtbZkRlHEKqxSZEVOPTZRNqSOz%2BV4PQBRAm9IznQKy%2ByuNd5FQREICVTg3tJITP0Sy98qcmI6eRrcCLBVrO3IEU9eTINtWd8TEKhTD%2B3Y7Oj6Ra24fjCBpW0H7VNm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7cde52c09d4db4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js

151.101.65.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
http://68.219.123.162/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
ASCII text, with very long lines (65299)
Size
25 kB (24684 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://68.219.123.162
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
content-encoding: br
accept-ranges: bytes
date: Sat, 27 May 2023 12:39:53 GMT
age: 5678728
x-served-by: cache-fra-eddf8230122-FRA, cache-bma1676-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24684
X-Firefox-Spdy: h2

68.219.123.162/static/styles.css

68.219.123.162

200 OK

515 B

URL GET HTTP/1.1
68.219.123.162/static/styles.css
IP
68.219.123.162:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://68.219.123.162/

File type
ASCII text
Size
515 B (515 bytes)
Hash
d706904f8ff0ed75c315745c11c057ac
1cd1b74b2ed417042b3ef65d8d33eea20cc32164
32066d221ecb925871781ec5063108673951f986953dd2bffef0147c9f013e0c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/styles.css HTTP/1.1
Host: 68.219.123.162
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 27 May 2023 12:39:53 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 515
Connection: keep-alive
Content-Disposition: inline; filename=styles.css
Last-Modified: Fri, 26 May 2023 12:13:07 GMT
Cache-Control: no-cache
ETag: "1685103187.2443752-515-2351696458"

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css

151.101.65.229

200 OK

30 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
http://68.219.123.162/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
30 kB (30336 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://68.219.123.162
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: br
accept-ranges: bytes
date: Sat, 27 May 2023 12:39:53 GMT
age: 6306008
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1676-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
X-Firefox-Spdy: h2

68.219.123.162/static/GL_Fjaril.png

68.219.123.162

200 OK

594 B

URL GET HTTP/1.1
68.219.123.162/static/GL_Fjaril.png
IP
68.219.123.162:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://68.219.123.162/

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
594 B (594 bytes)
Hash
af3ceab4c7372ea8518a0b8a9ae36be3
f3e3f9ec1e11b63a286fcda6a77c380187370ccb
96d4a7185b9c82532f448d3eb1a5088936e08165cbbe2deb9acaa9f19e691ad9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/GL_Fjaril.png HTTP/1.1
Host: 68.219.123.162
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 27 May 2023 12:39:53 GMT
Content-Type: image/png
Content-Length: 594
Connection: keep-alive
Content-Disposition: inline; filename=GL_Fjaril.png
Last-Modified: Fri, 26 May 2023 12:13:07 GMT
Cache-Control: no-cache
ETag: "1685103187.2443752-594-2806844140"

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.20.226

1.5 kB

URL
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
1b2763300a1ebbc55278fd6c392ba2dd
1d204dc971c6564e2022c6da0400de05831d7214
a0e1dc85b1170b5090f2cec621364752ba927718e47897202fd8a8f30df14bae

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 27 May 2023 12:39:53 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1C6CAFDBB6BDCEDB6037608CAC6C7954EAB36A82"
Expires: Sat, 27 May 2023 23:00:00 GMT
Last-Modified: Sat, 27 May 2023 11:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2615
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7cde52c1fdc9b50b-OSL

68.219.123.162/favicon.ico

68.219.123.162

404 NOT FOUND

207 B

URL GET HTTP/1.1
68.219.123.162/favicon.ico
IP
68.219.123.162:80
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://68.219.123.162/

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
207 B (207 bytes)
Hash
e46c4e5e1fbc64b1bae9ebd9bcef7fcf
d767b3cb0ad66544c649e4165fc4b37e3c17e370
e9639e3c4681ce85f852fbac48e2eeee5ba51296dbfec57c200d59b76237ab80

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 68.219.123.162
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://68.219.123.162/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 NOT FOUND
Server: nginx/1.23.4
Date: Sat, 27 May 2023 12:39:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 207
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size