Report - 103.254.153.18/speedtest/10000mb.bin

Report Overview

Visited public
2024-08-18 20:29:14
Tags
URL
103.254.153.18/speedtest/10000mb.bin
Finishing URL
103.254.153.18/speedtest/10000mb.bin
IP / ASN
103.254.153.18
#59253 Leaseweb Asia Pacific pte. ltd.
Title
403 Forbidden - mirror.sin1.sg.leaseweb.net | powered by Leaseweb

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
r11.o.lencr.org	unknown	1.3 kB	3.5 kB	23.36.76.249
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.76.226
103.254.153.18	unknown	2.2 kB	32 kB	103.254.153.18

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-18 20:28:52	medium	Client IP	103.254.153.18	ET HUNTING Generic .bin download from Dotted Quad

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-18	medium	103.254.153.18	Sinkholed
2024-08-18	medium	103.254.153.18	Sinkholed
2024-08-18	medium	103.254.153.18	Sinkholed
2024-08-18	medium	103.254.153.18	Sinkholed
2024-08-18	medium	103.254.153.18	Sinkholed
2024-08-18	medium	103.254.153.18	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	103.254.153.18/html/js/default.js	ScriptElement	636 B	2024-06-13	2024-09-19
Pretty URL 103.254.153.18/html/js/default.js IP 103.254.153.18 ASN #59253 Leaseweb Asia Pacific pte. ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-13 21:11 Last Seen2024-09-19 20:40 Times Seen10 Hash 4a446df66f8e46273377b44f2fce6fcc 873ca386de0f9c153c825917f9d3dc2420ec1c38 6ecb425a1429a7fcb9efc18183b5f5847bc6b3d529f7092d84d8d3d1cc40d7c6 Loading...

	103.254.153.18/speedtest/10000mb.bin	ScriptElement	0 B	0001-01-01	2025-06-13
Pretty URL 103.254.153.18/speedtest/10000mb.bin IP 103.254.153.18 ASN #59253 Leaseweb Asia Pacific pte. ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-13 04:54 Times Seen4939185 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - 729cf7b985179ea1ef2aac2d8dc81789	81 B	2024-06-13 21:11	2024-09-19 20:40
Pretty Observations First Seen2024-06-13 21:11 Last Seen2024-09-19 20:40 Times Seen10 Hash 729cf7b985179ea1ef2aac2d8dc81789 4f250c05be03a7d97d2f917404e2d8c1a3d24fc7 f84e27cbce997bc6c42cd2e4ae82e82a2f5b821804fcfabdda329c0d18308a75 Loading...

HTTP Transactions (13)

URL IP Response Size

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
219f59137337a0ee601729cab5ec83f6
85f2e3496820405559fd526b44b9a915e0009a4f
f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Sun, 18 Aug 2024 22:01:53 GMT
Date: Sun, 18 Aug 2024 20:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9fca859eba50e585d7c1550a61d33bc3
a33940f9c83807660f212e5ff511fe28e0413c0d
08afcf8f1ad63cfd72b781cf4c69900e3fd266ee46389de3918570cf5d682f30

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "08AFCF8F1AD63CFD72B781CF4C69900E3FD266EE46389DE3918570CF5D682F30"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3907
Expires: Sun, 18 Aug 2024 21:33:56 GMT
Date: Sun, 18 Aug 2024 20:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
69a9603269726ce602d708bf57058c4c
8689e9ea81ea9636e7b08c3ed42650553a0c4e3b
1a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897"
Last-Modified: Sat, 17 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6211
Expires: Sun, 18 Aug 2024 22:12:20 GMT
Date: Sun, 18 Aug 2024 20:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
18f75729f3e25e2eb7f12b70dfce3849
479177b92dda7c4e8763c80a15cbc71c3386d06c
0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A"
Last-Modified: Sun, 18 Aug 2024 15:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3042
Expires: Sun, 18 Aug 2024 21:19:31 GMT
Date: Sun, 18 Aug 2024 20:28:49 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5843
Expires: Sun, 18 Aug 2024 22:06:14 GMT
Date: Sun, 18 Aug 2024 20:28:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5843
Expires: Sun, 18 Aug 2024 22:06:14 GMT
Date: Sun, 18 Aug 2024 20:28:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5843
Expires: Sun, 18 Aug 2024 22:06:14 GMT
Date: Sun, 18 Aug 2024 20:28:51 GMT
Connection: keep-alive

103.254.153.18/speedtest/10000mb.bin

103.254.153.18

403 Forbidden

6.1 kB

URL User Request GET HTTP/1.1
103.254.153.18/speedtest/10000mb.bin
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1007)
Size
6.1 kB (6063 bytes)
Hash
e5c3977e4df5cd997493062f6318127a
810c1883114fcd0b85025610d2d73aece572a9a8
c86bda3f61ab13d6717f823ee709c6a6d7625847da39c1a4a9083b497b4d1e3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET HUNTING Generic .bin download from Dotted Quad

HTTP Headers

GET /speedtest/10000mb.bin HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Sun, 18 Aug 2024 20:28:52 GMT
Content-Type: text/html
Content-Length: 6063
Connection: keep-alive
ETag: "65fdf8f5-17af"

103.254.153.18/html/css/default.css

103.254.153.18

200 OK

2.9 kB

URL GET HTTP/1.1
103.254.153.18/html/css/default.css
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

Requested by
http://103.254.153.18/speedtest/10000mb.bin

File type
ASCII text
Size
2.9 kB (2889 bytes)
Hash
612be9dc865abb76ccddaa0cdc61bf73
bd4bd054b3d6dd9e9dcac892e50f8f9c913bc30f
0ccd87f2971ca8ed296fded87d062043377ea625085f0fa9c1053a6f8c511ccc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/css/default.css HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.254.153.18/speedtest/10000mb.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Aug 2024 20:28:52 GMT
Content-Type: text/css
Content-Length: 2889
Last-Modified: Wed, 30 Nov 2022 10:47:10 GMT
Connection: keep-alive
ETag: "638734ae-b49"
Accept-Ranges: bytes

103.254.153.18/html/js/default.js

103.254.153.18

200 OK

636 B

URL GET HTTP/1.1
103.254.153.18/html/js/default.js
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

Requested by
http://103.254.153.18/speedtest/10000mb.bin

File type
ASCII text
Size
636 B (636 bytes)
Hash
4a446df66f8e46273377b44f2fce6fcc
873ca386de0f9c153c825917f9d3dc2420ec1c38
6ecb425a1429a7fcb9efc18183b5f5847bc6b3d529f7092d84d8d3d1cc40d7c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/js/default.js HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.254.153.18/speedtest/10000mb.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Aug 2024 20:28:52 GMT
Content-Type: application/javascript
Content-Length: 636
Last-Modified: Wed, 30 Nov 2022 10:47:10 GMT
Connection: keep-alive
ETag: "638734ae-27c"
Accept-Ranges: bytes

103.254.153.18/html/img/leaseweb_logo.png

103.254.153.18

200 OK

5.4 kB

URL GET HTTP/1.1
103.254.153.18/html/img/leaseweb_logo.png
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

Requested by
http://103.254.153.18/speedtest/10000mb.bin

File type
PNG image data, 160 x 55, 8-bit/color RGBA, non-interlaced
Size
5.4 kB (5354 bytes)
Hash
9cf0463d9cca7b9fbbc3975777d966bc
4a6e118d93c2dbffe5f53516ae83945e080349cf
a3105f6dad8f324ed295dd5fcd27178024bb52e5671223fb700f07bea0c8c5ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/img/leaseweb_logo.png HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.254.153.18/speedtest/10000mb.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Aug 2024 20:28:53 GMT
Content-Type: image/png
Content-Length: 5354
Last-Modified: Thu, 13 Feb 2020 12:39:29 GMT
Connection: keep-alive
ETag: "5e454381-14ea"
Accept-Ranges: bytes

103.254.153.18/html/img/lsw_bg.jpg

103.254.153.18

200 OK

468 B

URL GET HTTP/1.1
103.254.153.18/html/img/lsw_bg.jpg
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

Requested by
http://103.254.153.18/speedtest/10000mb.bin

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1260x2, components 3
Size
468 B (468 bytes)
Hash
ccd8cbe3a7b6ef1ca7727a187180df7c
22c6afac67815985cc46355afe4510d75c179e6a
49555eae67fabaf9f5180d3f95c651cc34cf49bb8116e64b8ec06b3840dca20c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/img/lsw_bg.jpg HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.254.153.18/html/css/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Aug 2024 20:28:53 GMT
Content-Type: image/jpeg
Content-Length: 468
Last-Modified: Thu, 13 Feb 2020 12:39:29 GMT
Connection: keep-alive
ETag: "5e454381-1d4"
Accept-Ranges: bytes

103.254.153.18/html/img/favicon.ico

103.254.153.18

200 OK

15 kB

URL GET HTTP/1.1
103.254.153.18/html/img/favicon.ico
IP
103.254.153.18:80
ASN
#59253 Leaseweb Asia Pacific pte. ltd.

Requested by
http://103.254.153.18/speedtest/10000mb.bin

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
7d3e152f2fa4916bc1ea9a6c6207f3d4
e14bcb42a6b7df8bddd92830d8cda1c35d4808d5
3462c1157e1a6c86bdd01260b66d48e868115cebb4c80c576435c3c10cfae762

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/img/favicon.ico HTTP/1.1
Host: 103.254.153.18
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.254.153.18/speedtest/10000mb.bin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Aug 2024 20:28:53 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Thu, 13 Feb 2020 12:39:29 GMT
Connection: keep-alive
ETag: "5e454381-3aee"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1