| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 25384; Size: 504 B (504 bytes)
MD5: aadf4023fd478bb51576a5f2358b225e
SHA1: a9d7b5d1e6a9d4f3fd800815a784607563dae142
SHA256: cc1e53796ec8c93a6a4cf66399a32249a405bd6ec1bd7399d5926c11657868a9
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CC1E53796EC8C93A6A4CF66399A32249A405BD6EC1BD7399D5926C11657868A9"
Last-Modified: Sat, 03 Aug 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5343
Expires: Mon, 05 Aug 2024 17:47:02 GMT
Date: Mon, 05 Aug 2024 16:17:59 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 24116; Size: 504 B (504 bytes)
MD5: 084406a853d82fa208410ee4bc78b67c
SHA1: 1c6276ec2e9a0fa10937dc34d821a64633c7d16a
SHA256: 6d567507b5502a9e553e77b519b679e83b3a8a01896731cec08bd1da0699b379
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D567507B5502A9E553E77B519B679E83B3A8A01896731CEC08BD1DA0699B379"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5014
Expires: Mon, 05 Aug 2024 17:41:33 GMT
Date: Mon, 05 Aug 2024 16:17:59 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-03; Last Seen: 2024-08-19; Times Seen: 30175; Size: 504 B (504 bytes)
MD5: 8bd7201be8d12c4b511d2c5643b45dbc
SHA1: f2ecb2ebafbf4f8d92f92007753001befcedc634
SHA256: 25cb2e6ad29d4503f32121fbe37e2b0f4ce64a7f6cb57233ebf16df5d6b78d53
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "25CB2E6AD29D4503F32121FBE37E2B0F4CE64A7F6CB57233EBF16DF5D6B78D53"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6463
Expires: Mon, 05 Aug 2024 18:05:42 GMT
Date: Mon, 05 Aug 2024 16:17:59 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 29425; Size: 504 B (504 bytes)
MD5: 3653abf0951eea060f104ae59d60cf7c
SHA1: 75790e8c59cb78c77ab522e7dc7140b62a046bb9
SHA256: d059eeda67b64dd02259f5a9352df39cc808e3f9e03068a434e0f6486814893d
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D059EEDA67B64DD02259F5A9352DF39CC808E3F9E03068A434E0F6486814893D"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10488
Expires: Mon, 05 Aug 2024 19:12:47 GMT
Date: Mon, 05 Aug 2024 16:17:59 GMT
Connection: keep-alive
|
|
| | 40.119.213.159 | 502 Bad Gateway | 195 B |
IP / ASN: 40.119.213.159 #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Resource Info: File type: HTML document, ASCII text, with CRLF line terminators; First Seen: 2023-04-06; Last Seen: 2025-03-01; Times Seen: 667; Size: 195 B (195 bytes)
MD5: e0d1a4a70b7864dd9ba22ff15341cfa0
SHA1: 32346cf022d83679b2f437eb9b02092168bafa8c
SHA256: a76004959bdd8402fe10509e667dd20ad3e7390f6e8097cc44ef935c908e0e36
Certificate Info: Issuer: Microsoft Corporation; Subject: smartscreen.microsoft.com; Fingerprint: 0C:62:DC:60:34:0F:A5:F0:94:E0:8B:C4:4F:39:94:BB:8C:E6:CC:83; Validity: Sun, 26 May 2024 08:02:27 GMT - Wed, 21 May 2025 08:02:27 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET / HTTP/1.1
Host: 40.119.213.159
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: Microsoft-Azure-Application-Gateway/v2
Date: Mon, 05 Aug 2024 16:18:00 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
Location: https://40.119.213.159/
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 27770; Size: 504 B (504 bytes)
MD5: 78be19d93b8add0d8f3c63b67e490038
SHA1: 2ed9c5d656a70a78ced84cd8fedbf0dcceb35bd6
SHA256: b8a162cbf6a846ccd9bd65a8744c313d48c66700352346c24777bdc1c2358726
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B8A162CBF6A846CCD9BD65A8744C313D48C66700352346C24777BDC1C2358726"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2663
Expires: Mon, 05 Aug 2024 17:02:24 GMT
Date: Mon, 05 Aug 2024 16:18:01 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 27770; Size: 504 B (504 bytes)
MD5: 78be19d93b8add0d8f3c63b67e490038
SHA1: 2ed9c5d656a70a78ced84cd8fedbf0dcceb35bd6
SHA256: b8a162cbf6a846ccd9bd65a8744c313d48c66700352346c24777bdc1c2358726
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B8A162CBF6A846CCD9BD65A8744C313D48C66700352346C24777BDC1C2358726"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2663
Expires: Mon, 05 Aug 2024 17:02:24 GMT
Date: Mon, 05 Aug 2024 16:18:01 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 27770; Size: 504 B (504 bytes)
MD5: 78be19d93b8add0d8f3c63b67e490038
SHA1: 2ed9c5d656a70a78ced84cd8fedbf0dcceb35bd6
SHA256: b8a162cbf6a846ccd9bd65a8744c313d48c66700352346c24777bdc1c2358726
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B8A162CBF6A846CCD9BD65A8744C313D48C66700352346C24777BDC1C2358726"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2663
Expires: Mon, 05 Aug 2024 17:02:24 GMT
Date: Mon, 05 Aug 2024 16:18:01 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-04; Last Seen: 2024-08-21; Times Seen: 27770; Size: 504 B (504 bytes)
MD5: 78be19d93b8add0d8f3c63b67e490038
SHA1: 2ed9c5d656a70a78ced84cd8fedbf0dcceb35bd6
SHA256: b8a162cbf6a846ccd9bd65a8744c313d48c66700352346c24777bdc1c2358726
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B8A162CBF6A846CCD9BD65A8744C313D48C66700352346C24777BDC1C2358726"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2663
Expires: Mon, 05 Aug 2024 17:02:24 GMT
Date: Mon, 05 Aug 2024 16:18:01 GMT
Connection: keep-alive
|
|
| | 40.119.213.159 | 502 Bad Gateway | 183 B |
IP / ASN: 40.119.213.159 #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Resource Info: File type: HTML document, ASCII text, with CRLF line terminators; First Seen: 2023-05-25; Last Seen: 2025-08-01; Times Seen: 189; Size: 183 B (183 bytes)
MD5: c3da608da09706b361dcd3a3023b2474
SHA1: 85a06e1683a9dd5fd47efa7f249bdd7d51e65dc1
SHA256: 40c2149635ede9666f001c9d9135b0b4bf649986459e1c4c52e2c65e79f29d7d
Certificate Info: Issuer: Microsoft Corporation; Subject: smartscreen.microsoft.com; Fingerprint: 0C:62:DC:60:34:0F:A5:F0:94:E0:8B:C4:4F:39:94:BB:8C:E6:CC:83; Validity: Sun, 26 May 2024 08:02:27 GMT - Wed, 21 May 2025 08:02:27 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET / HTTP/1.1
Host: 40.119.213.159
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 502 Bad Gateway
server: Microsoft-Azure-Application-Gateway/v2
date: Mon, 05 Aug 2024 16:18:02 GMT
content-type: text/html
content-length: 183
X-Firefox-Spdy: h2
|
|
| GET 40.119.213.159/favicon.ico | 40.119.213.159 | 502 Bad Gateway | 183 B |
URL: 40.119.213.159/favicon.ico
IP / ASN: 40.119.213.159 #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://40.119.213.159/
Resource Info: File type: HTML document, ASCII text, with CRLF line terminators; First Seen: 2023-05-25; Last Seen: 2025-08-01; Times Seen: 189; Size: 183 B (183 bytes)
MD5: c3da608da09706b361dcd3a3023b2474
SHA1: 85a06e1683a9dd5fd47efa7f249bdd7d51e65dc1
SHA256: 40c2149635ede9666f001c9d9135b0b4bf649986459e1c4c52e2c65e79f29d7d
Certificate Info: Issuer: Microsoft Corporation; Subject: smartscreen.microsoft.com; Fingerprint: 0C:62:DC:60:34:0F:A5:F0:94:E0:8B:C4:4F:39:94:BB:8C:E6:CC:83; Validity: Sun, 26 May 2024 08:02:27 GMT - Wed, 21 May 2025 08:02:27 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 40.119.213.159
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://40.119.213.159/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 502 Bad Gateway
server: Microsoft-Azure-Application-Gateway/v2
date: Mon, 05 Aug 2024 16:18:03 GMT
content-type: text/html
content-length: 183
X-Firefox-Spdy: h2
|
|