Report - pqr.20240204365k.vip/,N/A,https:/openphish.com/feed.txt

Report Overview

Visitedpublic

2024-09-25 13:25:36

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-25 09:32:11	1.3 kB	3.6 kB	23.33.119.27
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-25 01:59:50	654 B	1.8 kB	23.33.119.27
pqr.20240204365k.vip	unknown	2024-02-04	2024-07-20 13:58:05	2024-09-24 15:34:42	509 B	331 B	20.239.97.157
	unknown				911 B	1.5 kB	20.239.97.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-09-24	medium	pqr.20240204365k.vip/	Bet365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-25	medium	20240204365k.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-23

Last Seen2024-09-28

Times Seen30040

Size504 B (504 bytes)

MD572e206e9b89445fb2fb4031a6abe6169

SHA1a18bebfb86a71685bd817c15e348cfb5ea438c72

SHA256856f85441e043130f88668be6cf68110187856f17999bddc4332437d383c79b6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "856F85441E043130F88668BE6CF68110187856F17999BDDC4332437D383C79B6"
Last-Modified: Mon, 23 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3647
Expires: Wed, 25 Sep 2024 14:25:57 GMT
Date: Wed, 25 Sep 2024 13:25:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-25

Last Seen2024-09-28

Times Seen2471

Size504 B (504 bytes)

MD58561f6c5f82d57ce35075e29e8633aac

SHA1a37923385834db53ec3f63d0981fa9cc5d8ef548

SHA2567f437888e6636785f118d4a7886151268f7bd9de31cbd6164de33e610875ef19

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7F437888E6636785F118D4A7886151268F7BD9DE31CBD6164DE33E610875EF19"
Last-Modified: Wed, 25 Sep 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5658
Expires: Wed, 25 Sep 2024 14:59:28 GMT
Date: Wed, 25 Sep 2024 13:25:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-25

Last Seen2024-09-28

Times Seen4856

Size504 B (504 bytes)

MD5b864476fa0457236e163a06e1cad5279

SHA1e9acc26214498b6861058be05885f07275075406

SHA25655fa8283fbd284a294b1853b35eb0bbbdfd3dd6de3cb3ebf441f0a7f6296d41d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "55FA8283FBD284A294B1853B35EB0BBBDFD3DD6DE3CB3EBF441F0A7F6296D41D"
Last-Modified: Wed, 25 Sep 2024 10:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15635
Expires: Wed, 25 Sep 2024 17:45:45 GMT
Date: Wed, 25 Sep 2024 13:25:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-25

Last Seen2024-09-28

Times Seen16176

Size504 B (504 bytes)

MD5c5df97c10e9a37c02e8e12b302465464

SHA1b0d9b31bb7dd48f11b58e6f1833798e45dc5a862

SHA256350fb41eb348dc3b30943b357e089a3cd9dcc9670285c29485ba02a38ebcbc15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "350FB41EB348DC3B30943B357E089A3CD9DCC9670285C29485BA02A38EBCBC15"
Last-Modified: Wed, 25 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12225
Expires: Wed, 25 Sep 2024 16:48:55 GMT
Date: Wed, 25 Sep 2024 13:25:10 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-28

Last Seen2024-09-28

Times Seen2

Size504 B (504 bytes)

MD546775f669b36b95ee20cf703e7c5f96a

SHA116272cb4000ace7a8d36d2bfddfbaa37f2ad7968

SHA256c66f8f962130a6fcae6ae12d99d188bc344ea05e4a0bb6a9fdd7ec533b9d12c6

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C66F8F962130A6FCAE6AE12D99D188BC344EA05E4A0BB6A9FDD7EC533B9D12C6"
Last-Modified: Tue, 24 Sep 2024 15:08:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21211
Expires: Wed, 25 Sep 2024 19:18:42 GMT
Date: Wed, 25 Sep 2024 13:25:11 GMT
Connection: keep-alive

GET pqr.20240204365k.vip/,N/A,https:/openphish.com/feed.txt

20.239.97.157

301 Moved Permanently

103 B

URL

pqr.20240204365k.vip/,N/A,https:/openphish.com/feed.txt

IP / ASN

20.239.97.157

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2024-09-28

Last Seen2024-09-28

Times Seen1

Size103 B (103 bytes)

MD52fa81f277626eb8e740204dcf32c931e

SHA1ea9a418d65ec3b8e8b18667ce22e94f68c60f912

SHA256c66a3440a50aa130d6c4c506d69975e2f376194586ad76ba135d7fb7cc905146

Certificate Info

IssuerLet's Encrypt

Subjectpqr.20240204365k.vip

FingerprintDE:BA:FD:47:3A:94:7D:E2:4A:CB:CF:AD:21:DE:C9:60:53:7C:0F:81

ValidityThu, 11 Jul 2024 16:10:52 GMT - Wed, 09 Oct 2024 16:10:51 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /,N/A,https:/openphish.com/feed.txt HTTP/1.1
Host: pqr.20240204365k.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
location: https://pqr.20240204365k.vip:8989/,N/A,https:/openphish.com/feed.txt
content-length: 103
date: Wed, 25 Sep 2024 13:25:11 GMT
X-Firefox-Spdy: h2

GET pqr.20240204365k.vip:8989/,N/A,https:/openphish.com/feed.txt

20.239.97.157

400 Bad Request

1.1 kB

URL

pqr.20240204365k.vip:8989/,N/A,https:/openphish.com/feed.txt

IP / ASN

20.239.97.157

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text

First Seen2023-06-27

Last Seen2025-07-24

Times Seen331

Size1.1 kB (1141 bytes)

MD5fa91b86293c33848631cd835a31ace19

SHA1cb09293e76fa97e8b0fdf4639b9b091689a962e0

SHA2568a4942489ea9d6e193b1baa3b3b84d0fcc46c99cf2f07e611698cf9bfc501365

HTTP Headers

GET /,N/A,https:/openphish.com/feed.txt HTTP/1.1
Host: pqr.20240204365k.vip:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 25 Sep 2024 13:25:12 GMT
etag: W/"6486cd02-746"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 1141
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.33.119.27

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-25

Last Seen2024-09-28

Times Seen21781

Size504 B (504 bytes)

MD5c16a3fe398c09ad4d309c60911d6a6b6

SHA1dc1148076d45d128cb6d0780ac0467aeba0902e9

SHA2565bd5f6cc031865b327cd4987c09f2266f9b994cc967eb6cf75bab5a58bcb7230

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5BD5F6CC031865B327CD4987C09F2266F9B994CC967EB6CF75BAB5A58BCB7230"
Last-Modified: Wed, 25 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6940
Expires: Wed, 25 Sep 2024 15:20:52 GMT
Date: Wed, 25 Sep 2024 13:25:12 GMT
Connection: keep-alive

GET pqr.20240204365k.vip:8989/favicon.ico

20.239.97.157

400 Bad Request

48 B

URL

pqr.20240204365k.vip:8989/favicon.ico

IP / ASN

20.239.97.157

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttp://pqr.20240204365k.vip:8989/,N/A,https:/openphish.com/feed.txt

Resource Info

File typeASCII text

First Seen2023-05-02

Last Seen2025-08-01

Times Seen1306

Size48 B (48 bytes)

MD5b634668f41ef53ef6d608dc70c4e0dcb

SHA1d56b41edced83968087065f2e8edf65e592ebadc

SHA2567a1fabf227903297428f36da3b3547d91e308a992063271e8fe1a4f1e1e6cd26

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pqr.20240204365k.vip:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pqr.20240204365k.vip:8989/,N/A,https:/openphish.com/feed.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 400 Bad Request