Report - 192.99.98.109/

Report Overview

Submitted URL
192.99.98.109/
IP
192.99.98.109
ASN
#16276 OVH SAS
Submitted
2024-04-26 15:09:32
Access
public
Website Title
TwistedWave, an Audio Editor
Final URL
192.99.98.109/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
192.99.98.109	unknown	unknown	2015-03-17	2023-11-30	5.6 kB	410 kB	192.99.98.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed
2024-04-26	medium	192.99.98.109	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	192.99.98.109/js/retina.min.js	1.7 kB	2023-03-07	2024-04-26
Pretty URL 192.99.98.109/js/retina.min.js IP 192.99.98.109 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:03:00 Last Seen2024-04-26 17:09:38 Times Seen115 Hash 73671b01c9d273418780adc933b7b2f7 1d23a8da86466aee6cafd15f8bbf0f2f415c6a57 8e396f1ff78e58d5a07115dc6d12a2ddc77ff92418bdcffc8e0c875cca19e035 Loading...

	192.99.98.109/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-07
Pretty URL 192.99.98.109/js/jquery-3.3.1.min.js IP 192.99.98.109 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-07 16:46:14 Times Seen109305 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	192.99.98.109/bootstrap-4.3.1/js/bootstrap.min.js	58 kB	2023-03-07	2024-05-07
Pretty URL 192.99.98.109/bootstrap-4.3.1/js/bootstrap.min.js IP 192.99.98.109 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-07 16:41:52 Times Seen20510 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

HTTP Transactions (13)

URL IP Response Size

192.99.98.109/

192.99.98.109

200 OK

178 B

URL User Request GET HTTP/2
192.99.98.109/
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 15:09:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://192.99.98.109/
Strict-Transport-Security: max-age=31556900; includeSubDomains; preload
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

192.99.98.109/

192.99.98.109

200 OK

14 kB

URL User Request GET HTTP/2
192.99.98.109/
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14451 bytes)
Hash
828644df3b1d4468933cdac79a5bbe55
d93690cafa7de06ea5ae753a7ce6eda0e6a4d189
218cbd41973a712a264bd0738cc4453bf105316c5ef65cced1a8d22485b7cfaf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:08 GMT
content-type: text/html
last-modified: Fri, 02 Feb 2024 13:22:35 GMT
etag: W/"65bcec9b-1048"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/images/iPadiPhone300.jpg

192.99.98.109

200 OK

20 kB

URL GET HTTP/2
192.99.98.109/images/iPadiPhone300.jpg
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x212, components 3
Size
20 kB (20340 bytes)
Hash
46632f917f8ec7b083e0f5a1fc3d782b
14f37f0579a5b42a3aad6ed98d89542b0db33203
af733814f3324962e02a3f5a9c864b879cad1a5b4fed4c39deebc32e15b7fe17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/iPadiPhone300.jpg HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/jpeg
content-length: 20340
last-modified: Fri, 27 Apr 2012 15:25:37 GMT
etag: "4f9aba71-4f74"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/images/online300.jpg

192.99.98.109

200 OK

14 kB

URL GET HTTP/2
192.99.98.109/images/online300.jpg
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x193, components 3
Size
14 kB (14088 bytes)
Hash
eb80f5c9771bd638976116e9a4fea02d
5d35eb8675e143e1ee620caa20d138db4e8d159c
5c0b037dc54300ce8fca82bf4d274caf62d98b47c9f9fd5c78b8f8d74d648726

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/online300.jpg HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/jpeg
content-length: 14088
last-modified: Wed, 02 May 2012 12:06:24 GMT
etag: "4fa12340-3708"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/images/win300.jpg

192.99.98.109

200 OK

21 kB

URL GET HTTP/2
192.99.98.109/images/win300.jpg
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 300x169, components 3
Size
21 kB (20569 bytes)
Hash
77e69ddfa37d4cb06ec3a35d681c7408
a8d5bfb0b4c8e7a58f9c4b70ed00557787a01394
155f5d18cd6fa929d5c3169d62aed3093c546f66a3703504695d711b2b461291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/win300.jpg HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/jpeg
content-length: 20569
last-modified: Mon, 04 Apr 2022 15:13:28 GMT
etag: "624b0b18-5059"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/css/main.css

192.99.98.109

200 OK

6.6 kB

URL GET HTTP/2
192.99.98.109/css/main.css
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
gzip compressed data, max speed, from Unix
Size
6.6 kB (6585 bytes)
Hash
9e9aa330255abbc8cb05b25bb36012cd
b3240acfa0e92d8b64e89d27dbec9cd099c8d9c5
3ca63876f5d16a862057263c0ef8975de7094ae06cc50b642804f1a11b198d74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: text/css
last-modified: Tue, 16 Apr 2024 13:16:54 GMT
etag: W/"661e7a46-182d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/favicon.ico

192.99.98.109

200 OK

894 B

URL GET HTTP/2
192.99.98.109/favicon.ico
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Size
894 B (894 bytes)
Hash
abbdf08da92e738742ee1411e8cb9f52
522fb8a12a88af52f570ceff1836c9d567f8e3be
44b66a9b4f483a9c0db7713a5ee34180688ab067faeecdc4ae423f00759b5a5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/x-icon
content-length: 894
last-modified: Fri, 23 Feb 2024 11:54:09 GMT
etag: "65d88761-37e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self'; script-src 'self'; worker-src 'self'; img-src 'self'; media-src 'self'; font-src 'self'; object-src 'self'; frame-src 'self'; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/js/jquery-3.3.1.min.js

192.99.98.109

200 OK

87 kB

URL GET HTTP/2
192.99.98.109/js/jquery-3.3.1.min.js
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-3.3.1.min.js HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: application/javascript
last-modified: Mon, 18 Feb 2019 09:22:53 GMT
etag: W/"5c6a796d-1538f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/bootstrap-4.3.1/js/bootstrap.min.js

192.99.98.109

200 OK

58 kB

URL GET HTTP/2
192.99.98.109/bootstrap-4.3.1/js/bootstrap.min.js
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JavaScript source, ASCII text, with very long lines (57791)
Size
58 kB (58072 bytes)
Hash
e1d98d47689e00f8ecbc5d9f61bdb42e
6778fed3cf095a318141a31f455c8f4663885bde
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap-4.3.1/js/bootstrap.min.js HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: application/javascript
last-modified: Fri, 15 Feb 2019 13:10:45 GMT
etag: W/"5c66ba55-e2d8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/images/mac300.jpg

192.99.98.109

200 OK

13 kB

URL GET HTTP/2
192.99.98.109/images/mac300.jpg
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x181, components 3
Size
13 kB (13045 bytes)
Hash
579fbbaac90b29f767d684f6cf0c7d71
eaa767b3c7265a91d1476611fcbb08f1abb07119
035cb9170a9104112897f90cdee6bc1a3b56705347ef96632a62f369965a51c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/mac300.jpg HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/jpeg
content-length: 13045
last-modified: Fri, 27 Apr 2012 16:09:14 GMT
etag: "4f9ac4aa-32f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/js/retina.min.js

192.99.98.109

200 OK

1.7 kB

URL GET HTTP/2
192.99.98.109/js/retina.min.js
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
JavaScript source, ASCII text, with very long lines (1668), with no line terminators
Size
1.7 kB (1658 bytes)
Hash
40cc1754f4663c76894c504221e71fde
2477592ebe3aee2f148b2fd52b483b5dafb1f50e
654cedf3e11c48ef274625008e4027fbb849de74a6d3225133b64ef9fb1b4ea7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/retina.min.js HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: application/javascript
last-modified: Fri, 15 Feb 2019 12:52:48 GMT
etag: W/"5c66b620-67a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/bootstrap-4.3.1/css/bootstrap.min.css

192.99.98.109

200 OK

156 kB

URL GET HTTP/2
192.99.98.109/bootstrap-4.3.1/css/bootstrap.min.css
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155758 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap-4.3.1/css/bootstrap.min.css HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: text/css
last-modified: Fri, 15 Feb 2019 13:10:45 GMT
etag: W/"5c66ba55-2606e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
content-encoding: gzip
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

192.99.98.109/images/tw.png

192.99.98.109

200 OK

4.3 kB

URL GET HTTP/2
192.99.98.109/images/tw.png
IP
192.99.98.109:443
ASN
#16276 OVH SAS

Requested by
https://192.99.98.109/
Certificate
IssuerLet's Encrypt
Subjecttwistedwave.com
Fingerprint5D:73:1C:9A:25:B4:4D:17:84:FB:63:DA:7C:32:6D:2D:5E:57:48:42
ValidityThu, 25 Apr 2024 19:00:56 GMT - Wed, 24 Jul 2024 19:00:55 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
4.3 kB (4300 bytes)
Hash
a9fd628a836a1ab3ac3da522ec1e9fdf
d54d8aef8c383e26ae43ef70300e0930dcf53983
6b26ff043f6c6dc1eb8b836a6bd42ac55b479df945497447a0fad835b9ab6f8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/tw.png HTTP/1.1
Host: 192.99.98.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://192.99.98.109/css/main.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 26 Apr 2024 15:09:09 GMT
content-type: image/png
content-length: 4300
last-modified: Fri, 27 Apr 2012 14:26:19 GMT
etag: "4f9aac8b-10cc"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri
accept-ranges: bytes
strict-transport-security: max-age=31556900; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by