| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 12184
Size: 504 B (504 bytes)
MD5: 2c174cd9de141b9f3330d869df450834
SHA1: 251c8d7aa8126bfb9fa4c164ebb067b8929486f8
SHA256: e79c4bb4566914535b10c91563e36d1768f5fc8e1933392cf130e2f4d776e296
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E79C4BB4566914535B10C91563E36D1768F5FC8E1933392CF130E2F4D776E296"
Last-Modified: Thu, 18 Jul 2024 08:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10009
Expires: Fri, 19 Jul 2024 07:15:08 GMT
Date: Fri, 19 Jul 2024 04:28:19 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 16000
Size: 504 B (504 bytes)
MD5: df89293c476ae09fa6ea5ee32b70224e
SHA1: e684c88f3ffd36b50489c5391a3637218329e080
SHA256: 1a09f23c5518140b3792a6c0729e19f7cd9c728016840567f7068b7df5bccb81
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A09F23C5518140B3792A6C0729E19F7CD9C728016840567F7068B7DF5BCCB81"
Last-Modified: Thu, 18 Jul 2024 08:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14475
Expires: Fri, 19 Jul 2024 08:29:34 GMT
Date: Fri, 19 Jul 2024 04:28:19 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 26255
Size: 504 B (504 bytes)
MD5: ba83fc82f22d464fbc0a613d3224fdef
SHA1: b8d2b3e057c0d01c05e3891f5b5cdaf09e001d3b
SHA256: 17205f996d5ce1462adb970516597f51763582906181b875e45b5b7535f38b8f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "17205F996D5CE1462ADB970516597F51763582906181B875E45B5B7535F38B8F"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Fri, 19 Jul 2024 05:13:56 GMT
Date: Fri, 19 Jul 2024 04:28:19 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 27002
Size: 504 B (504 bytes)
MD5: 42e531d59be85c09ecc215208470d19e
SHA1: 75ec72c8c8e1de19407837d46d2ad7119770cdb0
SHA256: 38125115e22a9a58bf2df205bb09ae6c6fef4948b9de15b2f15f37d19aedf6a9
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "38125115E22A9A58BF2DF205BB09AE6C6FEF4948B9DE15B2F15F37D19AEDF6A9"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9962
Expires: Fri, 19 Jul 2024 07:14:21 GMT
Date: Fri, 19 Jul 2024 04:28:19 GMT
Connection: keep-alive
|
|
| GET 119.91.61.79/loginjs/BT/loginHioBT.js?adv=0.21521051062193686 | 119.91.61.79 | 200 OK | 8.7 kB |
URL: User Request GET HTTP 119.91.61.79/loginjs/BT/loginHioBT.js?adv=0.21521051062193686
IP / ASN: 119.91.61.79 #45090 Shenzhen Tencent Computer Systems Company Limited
Resource Info
File type: JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
First Seen: 2024-08-19
Last Seen: 2024-08-19
Times Seen: 1
Size: 8.7 kB (8653 bytes)
MD5: 2b1cd867c4c33a139cf8e12b0807700c
SHA1: b7f7a72bb3b86c5a91a17625e32ffec4b1b484b7
SHA256: 54fa99a0c1440f05acbec4ed50e4b155e6983f1431342c82dfe30fe805fda30c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /loginjs/BT/loginHioBT.js?adv=0.21521051062193686 HTTP/1.1
Host: 119.91.61.79
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Jul 2024 04:28:20 GMT
Content-Type: application/javascript
Last-Modified: Sat, 23 Mar 2024 06:07:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65fe719d-7335"
Expires: Fri, 19 Jul 2024 16:28:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
|
|
| GET 119.91.61.79/favicon.ico | 119.91.61.79 | 404 Not Found | 146 B |
URL: GET HTTP 119.91.61.79/favicon.ico
IP / ASN: 119.91.61.79 #45090 Shenzhen Tencent Computer Systems Company Limited
Requested by: http://119.91.61.79/loginjs/BT/loginHioBT.js?adv=0.21521051062193686
Resource Info
File type: HTML document, ASCII text, with CRLF line terminators
First Seen: 2023-03-07
Last Seen: 2025-08-07
Times Seen: 213112
Size: 146 B (146 bytes)
MD5: 8eec510e57f5f732fd2cce73df7b73ef
SHA1: 3c0af39ecb3753c5fee3b53d063c7286019eac3b
SHA256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 119.91.61.79
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://119.91.61.79/loginjs/BT/loginHioBT.js?adv=0.21521051062193686
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 19 Jul 2024 04:28:21 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 27553
Size: 504 B (504 bytes)
MD5: 9041c7b14ed56a170760ee187e59cb3d
SHA1: 4334c89d4af87a7d10b7cfd712cf6494bcbf2f04
SHA256: da6d4b1554585f827dbf6b29b44389dc9d1b7ea24ac0bc5b078dcc7fc5c4e148
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DA6D4B1554585F827DBF6B29B44389DC9D1B7EA24AC0BC5B078DCC7FC5C4E148"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13137
Expires: Fri, 19 Jul 2024 08:07:18 GMT
Date: Fri, 19 Jul 2024 04:28:21 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP / ASN: 23.36.76.226 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 27553
Size: 504 B (504 bytes)
MD5: 9041c7b14ed56a170760ee187e59cb3d
SHA1: 4334c89d4af87a7d10b7cfd712cf6494bcbf2f04
SHA256: da6d4b1554585f827dbf6b29b44389dc9d1b7ea24ac0bc5b078dcc7fc5c4e148
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DA6D4B1554585F827DBF6B29B44389DC9D1B7EA24AC0BC5B078DCC7FC5C4E148"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13218
Expires: Fri, 19 Jul 2024 08:08:39 GMT
Date: Fri, 19 Jul 2024 04:28:21 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info
File type: data
First Seen: 2024-07-18
Last Seen: 2024-08-19
Times Seen: 27553
Size: 504 B (504 bytes)
MD5: 9041c7b14ed56a170760ee187e59cb3d
SHA1: 4334c89d4af87a7d10b7cfd712cf6494bcbf2f04
SHA256: da6d4b1554585f827dbf6b29b44389dc9d1b7ea24ac0bc5b078dcc7fc5c4e148
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DA6D4B1554585F827DBF6B29B44389DC9D1B7EA24AC0BC5B078DCC7FC5C4E148"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13137
Expires: Fri, 19 Jul 2024 08:07:18 GMT
Date: Fri, 19 Jul 2024 04:28:21 GMT
Connection: keep-alive
|
|