Report - 133.167.79.164/

Report Overview

Visited public
2023-12-01 14:50:56
Tags
URL
133.167.79.164/
Finishing URL
133.167.79.164/
IP / ASN
133.167.79.164
#9371 SAKURA Internet Inc.
Title
Web Server's Default Page

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
133.167.79.164	unknown	unknown	2020-02-20 10:56:49	2023-03-31 04:06:26	5.2 kB	205 kB	133.167.79.164
assets.plesk.com	120376	1999-06-13	2016-07-25 15:41:51	2023-11-30 05:34:11	4.5 kB	597 kB	185.76.9.23
firehose.us-west-2.amazonaws.com	5730	2005-08-18	2017-01-30 11:07:36	2023-11-30 16:09:01	1.6 kB	1.2 kB	35.89.72.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed
2023-12-01	medium	133.167.79.164	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	assets.plesk.com/static/default-website-content/public/bundle.js	ScriptElement	295 kB	2023-11-13	2025-02-27
Pretty URL assets.plesk.com/static/default-website-content/public/bundle.js IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 11:44 Last Seen2025-02-27 10:58 Times Seen2207 Hash c7a9f0e4da53a89761ad5d0278130614 58db235e943b3fc06bbd00031236e140614abc13 8916961fade067cb7c7ff49f8396e6afa17b539db8f0d32fdc1bc2740d7615c6 Loading...

	assets.plesk.com/static/default-website-content/public/default-server-index.js	ScriptElement	29 kB	2023-11-15	2024-08-20
Pretty URL assets.plesk.com/static/default-website-content/public/default-server-index.js IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:24 Last Seen2024-08-20 19:28 Times Seen436 Hash 281f3691599283c7db880748d322f9db d40c60d34711ad4f7373ea9e1d85de194b68f934 2d8903ac56099a37b3399c5161eb4c5b41480e62b1d067c760120c1892e7371e Loading...

	133.167.79.164/	ScriptElement	157 B	2023-05-20	2024-12-17
Pretty URL 133.167.79.164/ IP 133.167.79.164 ASN #9371 SAKURA Internet Inc. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-20 16:54 Last Seen2024-12-17 01:17 Times Seen14 Hash 60689b5a8c186597fc9e46d14b1fc648 1ced81715639dce6e391497c83e7f38c669ca18a d15f09b3cbc24d2b9ef24c1cdfc44eb9f00b138ea722fcdeec96e0768309db96 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9828db11b2e1b729a1bbf52ef454aef6	73 B	2024-08-20 17:10	2024-08-20 17:10
Pretty Observations First Seen2024-08-20 17:10 Last Seen2024-08-20 17:10 Times Seen1 Hash 9828db11b2e1b729a1bbf52ef454aef6 0c1cee0e5ba290fb48c931695f5042df4937b4a7 d9e6f260dcb4b99b87e6f4c25f38453e8fb941474d399718e33aa342aab22b58 Loading...

	#2 Write - 951ab8013d31d3aecdb3633ed4d33510	18 kB	2024-08-20 17:10	2024-08-20 17:10
Pretty Observations First Seen2024-08-20 17:10 Last Seen2024-08-20 17:10 Times Seen1 Hash 951ab8013d31d3aecdb3633ed4d33510 e347f6f6fc3ae13fd7970cb39fe16140ec1ae2a9 3f6e86c41c71cd9d53294d269fcc49d1f3538f85685579b8075c31e5a1244e69 Loading...

HTTP Transactions (25)

URL IP Response Size

133.167.79.164/

133.167.79.164

200 OK

4.8 kB

URL User Request GET HTTP/1.1
133.167.79.164/
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
4.8 kB (4842 bytes)
Hash
83bd9a73ffcebb4ebf975aa55566c6b5
cbdbf4a001dfc6d2e6f6d46d3573abb76ca9ddf6
9f957c4bc618f34ef551972242f7d316e43fe0956b6f330e376721db4c1d99e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:40 GMT
Content-Type: text/html
Content-Length: 4842
Connection: keep-alive
Last-Modified: Wed, 04 Mar 2020 17:19:21 GMT
ETag: "12ea-5a00a9f00ffc4"
Accept-Ranges: bytes

133.167.79.164/style.css

133.167.79.164

200 OK

4.5 kB

URL GET HTTP/1.1
133.167.79.164/style.css
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

Requested by
http://133.167.79.164/

File type
ASCII text
Size
4.5 kB (4477 bytes)
Hash
640388bda70e470886b33bfc5f25474c
e69a70788dbaae599089bf3ddea54f318dc45a74
d18e0bab5e89b45cdb44449fc1b1e9a1a6c77ab45797ef0e316873f8cfe3b893

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style.css HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:41 GMT
Content-Type: text/css
Content-Length: 4477
Connection: keep-alive
Last-Modified: Fri, 07 Feb 2020 12:50:13 GMT
ETag: "117d-59dfbd49d8b40"
Accept-Ranges: bytes

assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-700-54321e.woff2

185.76.9.23

200 OK

18 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-700-54321e.woff2
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17784, version 1.0\012- data
Size
18 kB (17784 bytes)
Hash
8d7a3f034881d1712b3325cc71425c10
9594f24367800a20297a96c2d4f957e62c63e207
ced2d8e02e2fbf08d2edec9b5f13648ed8348588a05f7181632f3c1dd6e1f5c3

HTTP Headers

GET /static/default-website-content/public/fonts/inter-v12-latin-700-54321e.woff2 HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://133.167.79.164
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: font/woff2
content-length: 17784
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: "6555c23b-4578"
expires: Thu, 16 Nov 2023 07:34:04 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 5918:38A2:494CB21:4A6FAD8:6555C394
via: 1.1 varnish
age: 0
x-served-by: cache-ams21040-AMS
x-cache-hits: 0
x-timer: S1700119445.895457,VS0,VE108
vary: Accept-Encoding
x-fastly-request-id: 465c18a52bdce1a4b459b010546c83c4376ef657
x-77-nzt: ArlMCRQ3NzfeXAIAALlMCgE3Nzf/1gAAAA
x-77-nzt-ray: af5856304d807f46c1f269654e31e122
x-accel-expires: @1701442455
x-accel-date: 1701441637
x-77-cache: HIT
x-77-age: 818
server: CDN77-Turbo
x-cache-lb: REVALIDATED
x-age-lb: 604
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-regular-be7cb1.woff2

185.76.9.23

200 OK

17 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-regular-be7cb1.woff2
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16708, version 1.0\012- data
Size
17 kB (16708 bytes)
Hash
68c477c4c76baab3a8d1ef6a55aa986f
4af50379e13514558dd53d123db8ea101ec5e24c
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

HTTP Headers

GET /static/default-website-content/public/fonts/inter-v12-latin-regular-be7cb1.woff2 HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://133.167.79.164/
Origin: http://133.167.79.164
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: font/woff2
content-length: 16708
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: "6555c23b-4144"
expires: Thu, 16 Nov 2023 07:36:34 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: D978:D547:210ED5F:2194128:6555C42A
via: 1.1 varnish
age: 0
x-served-by: cache-ams21050-AMS
x-cache-hits: 0
x-timer: S1700119595.640276,VS0,VE104
vary: Accept-Encoding
x-fastly-request-id: c4794b67314bd2309bf19a14b7c9585e7b94da4b
x-77-nzt: ArlMCRQ3Nzf/OAEAALlMCgE3Nzf/HwAAAA
x-77-nzt-ray: af5856306e94854ec1f26965b4e1d326
x-accel-expires: @1701442457
x-accel-date: 1701441929
x-77-cache: HIT
x-77-age: 343
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 312
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

133.167.79.164/img/guy.png

133.167.79.164

200 OK

10 kB

URL GET HTTP/1.1
133.167.79.164/img/guy.png
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

Requested by
http://133.167.79.164/

File type
PNG image data, 144 x 286, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (9999 bytes)
Hash
508c30a08de6e9a033e045a6979f76d7
8bbde0114d14ef4e0687fab5cc70e3bd4d96c233
40d72d259fff82a177cd2c2f2a1bd0024ec04a2cd5a19d5596187755cc2ae5f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/guy.png HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:41 GMT
Content-Type: image/png
Content-Length: 9999
Connection: keep-alive
Last-Modified: Fri, 07 Feb 2020 12:50:13 GMT
ETag: "270f-59dfbd49d8b40"
Accept-Ranges: bytes

133.167.79.164/img/header-bg.svg

133.167.79.164

200 OK

306 B

URL GET HTTP/1.1
133.167.79.164/img/header-bg.svg
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

Requested by
http://133.167.79.164/

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
306 B (306 bytes)
Hash
1d0da8412831afd8c2d5ae19788b878e
2d07bb248ea376229a5e7c99890ac65a2fea5a34
7fe96aeee4190dbae6cbc80388559ba3dfece20ff53e2423141e29435a8f7001

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/header-bg.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:41 GMT
Content-Type: image/svg+xml
Content-Length: 306
Connection: keep-alive
Last-Modified: Fri, 07 Feb 2020 12:50:13 GMT
ETag: "132-59dfbd49d8b40"
Accept-Ranges: bytes

assets.plesk.com/static/default-website-content/public/favicon-2d0e10.ico

185.76.9.23

200 OK

114 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/favicon-2d0e10.ico
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
MS Windows icon resource - 7 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel\012- data
Size
114 kB (113459 bytes)
Hash
1db747255c64a30f9236e9d929e986ca
384023452346aa087d40c93c23ca2f5e32ff1b1f
88baf40feb43463a8f6aa6543e88bdbe33f0db9a317486e786eee1e5c76a9544

HTTP Headers

GET /static/default-website-content/public/favicon-2d0e10.ico HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:42 GMT
content-type: image/vnd.microsoft.icon
content-length: 113459
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: "6555c23b-1bb33"
expires: Thu, 16 Nov 2023 07:32:16 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: D898:F954:49C56C2:4AE0922:6555C328
via: 1.1 varnish
age: 0
x-served-by: cache-ams21042-AMS
x-cache-hits: 0
x-timer: S1700119337.623742,VS0,VE109
vary: Accept-Encoding
x-fastly-request-id: a0a8c7edc40015f0e509e49ee68155eb0c88be02
x-77-nzt: ArlMCRQ3Nzf/yAEAALlMCgE3Nzf/SQAAAA
x-77-nzt-ray: af5856304d807f46c2f26965f44f6d11
x-accel-expires: @1701442290
x-accel-date: 1701441786
x-77-cache: HIT
x-77-age: 529
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 456
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

firehose.us-west-2.amazonaws.com/

35.89.72.0

200 OK

20 B

URL OPTIONS HTTP/1.1
firehose.us-west-2.amazonaws.com/
IP
35.89.72.0:443
ASN
#16509 AMAZON-02

Requested by
http://133.167.79.164/
Certificate
IssuerAmazon
Subjectfirehose.us-west-2.amazonaws.com
Fingerprint33:FD:78:B1:20:8F:6F:DC:AD:63:CA:90:DB:65:81:6C:6B:52:01:BB
ValidityWed, 01 Mar 2023 00:00:00 GMT - Thu, 29 Feb 2024 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size
20 B (20 bytes)
Hash
3970e82605c7d109bb348fc94e9eecc0
e03849ea786b9f7b28a35c17949e85a93eb1cff1
f5d031af01f137ae07fa71720fab94d16cc8a2a59868766002918b7c240f3967

HTTP Headers

OPTIONS / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Referer: http://133.167.79.164/
Origin: http://133.167.79.164
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amzn-RequestId: ccf0ec57-5195-21e4-9113-19556e9ed9bf
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Access-Control-Allow-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 20
Date: Fri, 01 Dec 2023 14:50:41 GMT

firehose.us-west-2.amazonaws.com/

35.89.72.0

200 OK

246 B

URL OPTIONS HTTP/1.1
firehose.us-west-2.amazonaws.com/
IP
35.89.72.0:443
ASN
#16509 AMAZON-02

Requested by
http://133.167.79.164/
Certificate
IssuerAmazon
Subjectfirehose.us-west-2.amazonaws.com
Fingerprint33:FD:78:B1:20:8F:6F:DC:AD:63:CA:90:DB:65:81:6C:6B:52:01:BB
ValidityWed, 01 Mar 2023 00:00:00 GMT - Thu, 29 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
246 B (246 bytes)
Hash
9cfbcaf964da936d6c4b768ab18d327f
020ac7166f11e779f6c9b044dbb3c3f33448b05b
9644f51958b716a7bf932b665d45fcdab6c1ddbd799042ed558aebecc82c9657

HTTP Headers

POST / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Amz-User-Agent: aws-sdk-js/2.1335.0 callback
Content-Type: application/x-amz-json-1.1
X-Amz-Target: Firehose_20150804.PutRecord
X-Amz-Content-Sha256: 80419b3cbf0db7b36284496104e74d96c5105cb26825da6e481812133fdb05bf
X-Amz-Date: 20231201T145046Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAR4YEYRJL6JKBNRGP/20231201/us-west-2/firehose/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=918a71cd621562860eb4a5c8dbb1b633022459179a1916549722852fe54cf34e
Content-Length: 108
Origin: http://133.167.79.164
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amzn-RequestId: f760249b-7f11-d0ca-aa83-d199401a2891
Access-Control-Allow-Origin: *
Content-Encoding: gzip
x-amz-id-2: 03cGvGuHai5O7gCruM1t1S7xdrhnPco2UopRDkCUGpHsT7VMFOJMuxOZ0uEXwkkRXVNxc2NlH9NxjM/AaJeqmtDg7bz8jz5d
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Content-Type: application/x-amz-json-1.1
Content-Length: 246
Date: Fri, 01 Dec 2023 14:50:41 GMT

133.167.79.164/img/header-server-page.png

133.167.79.164

200 OK

169 kB

URL GET HTTP/1.1
133.167.79.164/img/header-server-page.png
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

Requested by
http://133.167.79.164/

File type
PNG image data, 970 x 620, 8-bit/color RGBA, non-interlaced\012- data
Size
169 kB (169303 bytes)
Hash
3bcbf72252f1ec7d239f10ef2048da5b
bc9cd609ff7d338a6bcc9fd6e69e07ca0b081277
291df56b4065effca1f8533e2119b7d5d7dc02fa4ef7a40f74e2fe22940f0afa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/header-server-page.png HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:41 GMT
Content-Type: image/png
Content-Length: 169303
Connection: keep-alive
Last-Modified: Fri, 07 Feb 2020 12:50:13 GMT
ETag: "29557-59dfbd49d8b40"
Accept-Ranges: bytes

133.167.79.164/fonts/lato-v16-latin-regular.woff2

133.167.79.164

200 OK

14 kB

URL GET HTTP/1.1
133.167.79.164/fonts/lato-v16-latin-regular.woff2
IP
133.167.79.164:80
ASN
#9371 SAKURA Internet Inc.

Requested by
http://133.167.79.164/

File type
Web Open Font Format (Version 2), TrueType, length 23484, version 1.0\012- data
Size
14 kB (14266 bytes)
Hash
c9eaf9564afb4c729bb5bf298bbffc8b
a0a03c381512d5afc31c3704c602ba57bafa35ee
b4c7dd20001b1813039a39e3c08333925ec2b57c40250b7feaf58dedaf96a5d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/lato-v16-latin-regular.woff2 HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://133.167.79.164/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 14:50:41 GMT
Content-Length: 23484
Connection: keep-alive
Last-Modified: Fri, 07 Feb 2020 12:50:13 GMT
ETag: "5bbc-59dfbd49d8b40"
Accept-Ranges: bytes

133.167.79.164/img/plesk-guides.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/plesk-guides.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/plesk-guides.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

133.167.79.164/fonts/lato-v16-latin-700.woff2

0.0.0.0

0 B

URL GET
133.167.79.164/fonts/lato-v16-latin-700.woff2
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/lato-v16-latin-700.woff2 HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/style.css

assets.plesk.com/static/default-website-content/public/img/logo-81ca7a.svg

185.76.9.23

200 OK

2.1 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/img/logo-81ca7a.svg
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2118), with no line terminators
Size
2.1 kB (2099 bytes)
Hash
f9feb5d64f4aa6ef9441952f93004e90
94b804495ac52b65261f53f1dd97c0d0691a7ac5
024d3703031d890a8de7c855c2fdbe295daf1b803f828f4e7f225f75d0897941

HTTP Headers

GET /static/default-website-content/public/img/logo-81ca7a.svg HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: image/svg+xml
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-833"
expires: Thu, 16 Nov 2023 07:29:30 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 8BB2:D51D:1A0AFC0:1A722AC:6555C282
via: 1.1 varnish
age: 0
x-served-by: cache-ams21033-AMS
x-cache-hits: 0
x-timer: S1700119170.375068,VS0,VE113
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: 6815c759031341df013224e76954136c205880b3
x-77-nzt: ArlMCRQ3Nzf/wwAAALlMCgE3Nzf/CgAAAA
x-77-nzt-ray: af5856304d807f46c1f26965172a3f22
x-accel-expires: @1701442558
x-accel-date: 1701442046
x-77-cache: HIT
x-77-age: 205
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 195
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

assets.plesk.com/static/default-website-content/public/bundle.js

185.76.9.23

200 OK

295 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/bundle.js
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
295 kB (295325 bytes)
Hash
c7a9f0e4da53a89761ad5d0278130614
58db235e943b3fc06bbd00031236e140614abc13
8916961fade067cb7c7ff49f8396e6afa17b539db8f0d32fdc1bc2740d7615c6

HTTP Headers

GET /static/default-website-content/public/bundle.js HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-4819d"
expires: Thu, 16 Nov 2023 07:34:47 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: E6B4:570C:1AF023:1B5EA9:6555C3BF
via: 1.1 varnish
age: 0
x-served-by: cache-ams21059-AMS
x-cache-hits: 0
x-timer: S1700119488.556318,VS0,VE118
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: 47b12558ac97d66c638d8d6aea87051d20c16c3c
x-77-nzt: ArlMCRQ3Nzf/oAAAALlMCgE3Nzf/CQAAAA
x-77-nzt-ray: af5856304d807f46c1f26965eedc6722
x-accel-expires: @1701442667
x-accel-date: 1701442081
x-77-cache: HIT
x-77-age: 169
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 160
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

133.167.79.164/img/developers-blog.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/developers-blog.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/developers-blog.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

133.167.79.164/img/forum.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/forum.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/forum.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

assets.plesk.com/static/default-website-content/public/img/wpg-0f8209.svg

185.76.9.23

200 OK

1.9 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/img/wpg-0f8209.svg
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1953), with no line terminators
Size
1.9 kB (1905 bytes)
Hash
e797c14250ba3c4185601c2a48091b20
087f038c0033b8c3799c2f40d80e4525ad09bd93
c71654edf3f67cc23796e5ea1f182a0e31aa866610906d2ba3481fe934b3f60f

HTTP Headers

GET /static/default-website-content/public/img/wpg-0f8209.svg HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: image/svg+xml
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-771"
expires: Thu, 16 Nov 2023 07:30:40 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 83BA:268E:482752B:4945F06:6555C2C8
via: 1.1 varnish
age: 0
x-served-by: cache-ams21036-AMS
x-cache-hits: 0
x-timer: S1700119240.113813,VS0,VE117
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: fa9c03805aecdf70a44c5a0040979059f677d247
x-77-nzt: ArlMCRQ3Nzf/TQAAALlMCgE3Nzf/RgAAAA
x-77-nzt-ray: af5856304d807f46c1f26965ddbc5222
x-accel-expires: @1701442738
x-accel-date: 1701442164
x-77-cache: HIT
x-77-age: 147
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 77
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

133.167.79.164/img/logo.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/logo.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

assets.plesk.com/static/default-website-content/public/img/robot-4b152c.svg

185.76.9.23

200 OK

89 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/img/robot-4b152c.svg
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (89014 bytes)
Hash
a11790af7b8e734f7391d2695e96bfc8
af73e0993f9a486721d75bc21d6eb6e17104ece9
01084e18312cb2af2d6b89b7348a7f1e5ae8faf10c0bd9ce478dd38adb2955a3

HTTP Headers

GET /static/default-website-content/public/img/robot-4b152c.svg HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: image/svg+xml
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-15bb6"
expires: Thu, 16 Nov 2023 07:34:10 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 3510:EDB5:1DC0094:1E382C8:6555C39A
via: 1.1 varnish
age: 0
x-served-by: cache-ams21062-AMS
x-cache-hits: 0
x-timer: S1700119451.524985,VS0,VE115
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: c97214ce006cd972f6afeea266e68661195d692b
x-77-nzt: ArlMCRQ3Nzf/pwEAALlMCgE3Nzf/AQAAAA
x-77-nzt-ray: af5856304d807f46c1f26965b483d622
x-accel-expires: @1701442300
x-accel-date: 1701441818
x-77-cache: HIT
x-77-age: 424
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 423
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

133.167.79.164/img/facebook.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/facebook.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/facebook.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

assets.plesk.com/static/default-website-content/public/default-server-index.js

185.76.9.23

200 OK

29 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/default-server-index.js
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type

Size
29 kB (29183 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/default-website-content/public/default-server-index.js HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-71ff"
expires: Thu, 16 Nov 2023 07:31:53 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 3A26:5F09:4908010:4A22CB7:6555C310
via: 1.1 varnish
age: 0
x-served-by: cache-ams21071-AMS
x-cache-hits: 0
x-timer: S1700119313.074635,VS0,VE114
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: dcaf9a569e7a80ebd7a10a98b145c6ea717b733f
x-77-nzt: ArlMCRQ3Nzf/TwIAALlMCgE3Nzf/NQAAAA
x-77-nzt-ray: af5856304d807f46c1f26965d645f40e
x-accel-expires: @1701442243
x-accel-date: 1701441650
x-77-cache: HIT
x-77-age: 644
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 591
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

assets.plesk.com/static/default-website-content/public/img/stars-fb15b6.svg

185.76.9.23

200 OK

24 kB

URL GET HTTP/2
assets.plesk.com/static/default-website-content/public/img/stars-fb15b6.svg
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
http://133.167.79.164/
Certificate
IssuerLet's Encrypt
Subject1226552209.rsc.cdn77.org
Fingerprint6D:2F:F9:19:86:C9:4F:C8:2A:4A:4F:49:5D:3A:4C:7F:DD:C4:21:87
ValidityFri, 29 Sep 2023 14:57:38 GMT - Thu, 28 Dec 2023 14:57:37 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (23586)
Size
24 kB (23587 bytes)
Hash
18aa9407cb97208391f24bcef249457f
c76eef71591d7d92fb30f51b49dadf16ae600a05
30628c4c5254e81ed7f953bd449c6976ce87210089c4b221f00c3a7a5d597736

HTTP Headers

GET /static/default-website-content/public/img/stars-fb15b6.svg HTTP/1.1
Host: assets.plesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 14:50:41 GMT
content-type: image/svg+xml
permissions-policy: interest-cohort=()
last-modified: Thu, 16 Nov 2023 07:18:19 GMT
access-control-allow-origin: *
etag: W/"6555c23b-5c23"
expires: Thu, 16 Nov 2023 07:31:21 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 9A00:38A2:493F0EF:4A61D8C:6555C2F1
via: 1.1 varnish
age: 0
x-served-by: cache-ams21083-AMS
x-cache-hits: 0
x-timer: S1700119281.449913,VS0,VE110
vary: Accept-Encoding, Accept-Encoding
x-fastly-request-id: 861c5e8860816677f98143e5ccdb9a85a64915bc
x-77-nzt: ArlMCRQ3Nzf/OAEAALlMCgE3Nzf/HgAAAA
x-77-nzt-ray: af5856304d807f46c1f26965cf5dc822
x-accel-expires: @1701442518
x-accel-date: 1701441929
x-77-cache: HIT
x-77-age: 342
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 312
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

133.167.79.164/img/knowlede-base.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/knowlede-base.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/knowlede-base.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

133.167.79.164/img/video-guides.svg

0.0.0.0

0 B

URL GET
133.167.79.164/img/video-guides.svg
IP
0.0.0.0:0
ASN
#0

Requested by
http://133.167.79.164/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/video-guides.svg HTTP/1.1
Host: 133.167.79.164
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://133.167.79.164/
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (25)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size