Report - 19.ptp22.com/

Report Overview

Visited public
2024-09-11 14:44:25
Tags
URL
19.ptp22.com/
Finishing URL
ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON
IP / ASN
185.107.56.199
#43350 NForce Entertainment B.V.
Title
ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ps.fungidcolder.com	unknown	2023-09-27	2024-07-02 06:47:29	2024-09-06 17:21:56	1.5 kB	3.0 kB	23.109.170.153
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-10 18:12:30	1.6 kB	4.4 kB	23.33.119.27
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-10 18:12:09	981 B	2.7 kB	23.33.119.27
19.ptp22.com	unknown	2022-01-03	2018-12-12 13:45:30	2018-12-12 13:45:30	1.8 kB	1.5 kB	185.107.56.199
click-v4.expdirclk.com	unknown	2022-12-13	2022-12-14 13:13:29	2024-09-11 07:52:22	498 B	200 B	198.134.116.17

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-11	medium	fungidcolder.com	Sinkholed
2024-09-11	medium	fungidcolder.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON	ScriptElement	8 B	2023-03-07	2025-05-09
Pretty URL ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON IP 23.109.170.153 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-05-09 22:51 Times Seen4676 Hash 74bcdb854ab16ca0977687a071ccface 3fc98dccf6a4c618323aacd44660d0c32d1e9016 f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b Loading...

HTTP Transactions (14)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b38672175b47aa9644bbcee9f6947113
4cdf55da3f293a7bc81d3327a7437c99c073a977
eb528ca147d5816b33619c0a84781118a4d23e0624be6736d5dd0af02311756c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB528CA147D5816B33619C0A84781118A4D23E0624BE6736D5DD0AF02311756C"
Last-Modified: Tue, 10 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11437
Expires: Wed, 11 Sep 2024 17:54:36 GMT
Date: Wed, 11 Sep 2024 14:43:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6bd7ab339c70a2fbeee4c8c0acd11d01
d73d3395447b2a06e32c1e3efb673107259de9d2
fdfd7bc2cf6ecc38fb1098f0fdb33cc28a034bb850556c8be63823f4c4718be2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FDFD7BC2CF6ECC38FB1098F0FDB33CC28A034BB850556C8BE63823F4C4718BE2"
Last-Modified: Tue, 10 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8865
Expires: Wed, 11 Sep 2024 17:11:44 GMT
Date: Wed, 11 Sep 2024 14:43:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c02cbc5c5d1b0406dcc246d4bd1a6d2b
4926c8ef9661a0a06ddca8476543ba0016f6db23
6d53e4415d0c45468d4481cf09e5ea095019a86af85ccd64064eb060ab802455

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D53E4415D0C45468D4481CF09E5EA095019A86AF85CCD64064EB060AB802455"
Last-Modified: Tue, 10 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10520
Expires: Wed, 11 Sep 2024 17:39:20 GMT
Date: Wed, 11 Sep 2024 14:44:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
49e3d04c2eb4d704e7e7c90e2dc519c0
33f04bc1c596585870c7b00e24bf9bef4d01dc8e
1a381b926d3ed1420dc33ec68eb8ff332a94ff175191a0564c07552b80c7a3d7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A381B926D3ED1420DC33EC68EB8FF332A94FF175191A0564C07552B80C7A3D7"
Last-Modified: Tue, 10 Sep 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12094
Expires: Wed, 11 Sep 2024 18:05:34 GMT
Date: Wed, 11 Sep 2024 14:44:00 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c110e77ce8a0bf8ebb02a7610b48f85
39cca61fb5c11f552e397bdb2b4a189e1de92dd2
cedbfdb962ef5207e87730b046c5bdc70e331647ee7b5c7da6f4f8e6d329800f

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CEDBFDB962EF5207E87730B046C5BDC70E331647EE7B5C7DA6F4F8E6D329800F"
Last-Modified: Wed, 11 Sep 2024 05:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 11 Sep 2024 20:44:00 GMT
Date: Wed, 11 Sep 2024 14:44:00 GMT
Connection: keep-alive

19.ptp22.com/

185.107.56.199

474 B

URL
19.ptp22.com/
IP
185.107.56.199:0
ASN
#43350 NForce Entertainment B.V.

File type
HTML document, ASCII text, with very long lines (474), with no line terminators
Size
474 B (474 bytes)
Hash
6eed13efd15f1353d8d34f3b839d633c
23ef14dc4f28a3376f4571ee932f17c4beb33515
9331950ca00e4260122a5b1b20084e51a7daf44c287cdfaeb65b5fd30c282d82

HTTP Headers

GET / HTTP/1.1
Host: 19.ptp22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 474
content-type: text/html; charset=utf-8
date: Wed, 11 Sep 2024 14:43:59 GMT
server: Cowboy
set-cookie: sid=4859f5df-704c-11ef-8751-ddb252213e84; path=/; domain=.ptp22.com; expires=Mon, 29 Sep 2092 17:58:07 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

19.ptp22.com/favicon.ico

185.107.56.199

9 B

URL
19.ptp22.com/favicon.ico
IP
185.107.56.199:0
ASN
#43350 NForce Entertainment B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 19.ptp22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://19.ptp22.com/
Cookie: sid=4859f5df-704c-11ef-8751-ddb252213e84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Wed, 11 Sep 2024 14:44:00 GMT
server: Cowboy
X-Firefox-Spdy: h2

19.ptp22.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNjA3MzA0MCwiaWF0IjoxNzI2MDY1ODQwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnEzZmY1NG5haW43ZHZtcDQwOTdmNGIiLCJuYmYiOjE3MjYwNjU4NDAsInRzIjoxNzI2MDY1ODQwNTQ2NzgyfQ.aGfJ1AK1j4Ay0D6jWJLoy6Xmb8rVVT7mods5RDCK3V0&sid=4859f5df-704c-11ef-8751-ddb252213e84

185.107.56.199

302 Found

11 B

URL User Request GET HTTP/2
19.ptp22.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNjA3MzA0MCwiaWF0IjoxNzI2MDY1ODQwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnEzZmY1NG5haW43ZHZtcDQwOTdmNGIiLCJuYmYiOjE3MjYwNjU4NDAsInRzIjoxNzI2MDY1ODQwNTQ2NzgyfQ.aGfJ1AK1j4Ay0D6jWJLoy6Xmb8rVVT7mods5RDCK3V0&sid=4859f5df-704c-11ef-8751-ddb252213e84
IP
185.107.56.199:443
ASN
#43350 NForce Entertainment B.V.

Certificate
IssuerLet's Encrypt
Subjectptp22.com
Fingerprint65:C4:6D:B0:C8:7A:03:42:D7:AF:C5:FA:3A:0B:30:C4:03:E3:AB:97
ValidityWed, 04 Sep 2024 14:54:37 GMT - Tue, 03 Dec 2024 14:54:36 GMT

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNjA3MzA0MCwiaWF0IjoxNzI2MDY1ODQwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnEzZmY1NG5haW43ZHZtcDQwOTdmNGIiLCJuYmYiOjE3MjYwNjU4NDAsInRzIjoxNzI2MDY1ODQwNTQ2NzgyfQ.aGfJ1AK1j4Ay0D6jWJLoy6Xmb8rVVT7mods5RDCK3V0&sid=4859f5df-704c-11ef-8751-ddb252213e84 HTTP/1.1
Host: 19.ptp22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://19.ptp22.com/
Cookie: sid=4859f5df-704c-11ef-8751-ddb252213e84
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Wed, 11 Sep 2024 14:44:00 GMT
location: http://click-v4.expdirclk.com/click?i=Zsi7hyFVxWM_0
server: Cowboy
set-cookie: sid=4859f5df-704c-11ef-8751-ddb252213e84; path=/; domain=.ptp22.com; expires=Mon, 29 Sep 2092 17:58:08 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

click-v4.expdirclk.com/click?i=Zsi7hyFVxWM_0

198.134.116.17

302 Found

0 B

URL User Request GET HTTP/1.1
click-v4.expdirclk.com/click?i=Zsi7hyFVxWM_0
IP
198.134.116.17:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerGlobalSign nv-sa
Subject*.expdirclk.com
Fingerprint94:A1:83:60:BA:90:2B:09:2F:E9:2D:77:ED:44:44:0D:E7:DF:A4:11
ValidityTue, 19 Dec 2023 13:54:21 GMT - Sun, 19 Jan 2025 13:54:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=Zsi7hyFVxWM_0 HTTP/1.1
Host: click-v4.expdirclk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 11 Sep 2024 14:44:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
49b04f894180daa05b0dbfa79fdf7a35
87e429b81ae7d18cc89e37964a7fca9ada560ef7
e4e0055cb7d9aaa797ef8f2115e073654441db8d60587fbb3729b2dc4cf4cef9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4E0055CB7D9AAA797EF8F2115E073654441DB8D60587FBB3729B2DC4CF4CEF9"
Last-Modified: Tue, 10 Sep 2024 12:54:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16734
Expires: Wed, 11 Sep 2024 19:22:55 GMT
Date: Wed, 11 Sep 2024 14:44:01 GMT
Connection: keep-alive

ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON

23.109.170.153

200 OK

61 B

URL User Request GET HTTP/1.1
ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON
IP
23.109.170.153:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectps.fungidcolder.com
Fingerprint90:E3:DE:45:BB:7E:83:94:53:B9:12:B6:31:88:E0:A4:05:BA:07:2A
ValidityMon, 02 Sep 2024 23:26:29 GMT - Sun, 01 Dec 2024 23:26:28 GMT

File type
HTML document, ASCII text, with no line terminators
Size
61 B (61 bytes)
Hash
86733bb66fb84b851592d733e51f0cbd
42eaf19a5ca195667a9212b0ea3557eee76954a8
927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iEPQNISvgIcU7T/MoeON HTTP/1.1
Host: ps.fungidcolder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Sep 2024 14:44:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 12-Sep-2024 14:44:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D; expires=Thu, 12-Sep-2024 14:44:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ps.fungidcolder.com/favicon.ico

23.109.170.153

200 OK

1.4 kB

URL GET HTTP/1.1
ps.fungidcolder.com/favicon.ico
IP
23.109.170.153:443
ASN
#7979 SERVERS-COM

Requested by
https://ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON
Certificate
IssuerLet's Encrypt
Subjectps.fungidcolder.com
Fingerprint90:E3:DE:45:BB:7E:83:94:53:B9:12:B6:31:88:E0:A4:05:BA:07:2A
ValidityMon, 02 Sep 2024 23:26:29 GMT - Sun, 01 Dec 2024 23:26:28 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ps.fungidcolder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ps.fungidcolder.com/iEPQNISvgIcU7T/MoeON
Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Sep 2024 14:44:01 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Mon, 09 Sep 2024 15:48:41 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "66df18d9-57e"
Expires: Thu, 12 Sep 2024 14:44:01 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9166ec047d1a1a5f81e7d3837eabbc9a
7ed1e5b331a854776d5c422d2ded1329b74c7044
63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16323
Expires: Wed, 11 Sep 2024 19:16:05 GMT
Date: Wed, 11 Sep 2024 14:44:02 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9166ec047d1a1a5f81e7d3837eabbc9a
7ed1e5b331a854776d5c422d2ded1329b74c7044
63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16323
Expires: Wed, 11 Sep 2024 19:16:05 GMT
Date: Wed, 11 Sep 2024 14:44:02 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP