Report - cdn.klimedia.space/lb/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz

Report Overview

Visited public
2024-07-10 16:47:36
Tags
URL
cdn.klimedia.space/lb/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz
Finishing URL
about:privatebrowsing
IP / ASN
185.252.146.181
#204997 First Server Limited
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-09 18:12:41	2.3 kB	6.2 kB	23.36.76.226
cdn.klimedia.space	unknown	2023-07-01	2023-09-09 16:01:48	2023-09-27 17:23:42	870 B	1.3 kB	185.252.146.181
89.248.192.87	unknown	unknown	2022-02-07 15:35:51	2023-05-04 20:24:33	857 B	1.5 kB	89.248.192.87

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-10	medium	89.248.192.87	Sinkholed
2024-07-10	medium	89.248.192.87	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b34ca6af54e2b9fea57d418f5d1928f7
510b69f4470789a573217726d6f1a3d6ee765460
41e6a348aac9e9db44bfa14b3aa29d411f4489b375ae1f1be6b0d280af98541d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41E6A348AAC9E9DB44BFA14B3AA29D411F4489B375AE1F1BE6B0D280AF98541D"
Last-Modified: Mon, 08 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4081
Expires: Wed, 10 Jul 2024 17:55:11 GMT
Date: Wed, 10 Jul 2024 16:47:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e08576e0904dc9903a9c20fa9e3d15b8
74feff76140500fd4a61e89c7e9d8d0a60df1183
ee690bacddf55fd12ae0c9c39e330e0a1a18776b9edc91b4aa6c5bae28824f1e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EE690BACDDF55FD12AE0C9C39E330E0A1A18776B9EDC91B4AA6C5BAE28824F1E"
Last-Modified: Tue, 09 Jul 2024 15:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Wed, 10 Jul 2024 17:52:13 GMT
Date: Wed, 10 Jul 2024 16:47:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e7492695b5254a3a63fcffb4f1ee8cec
0361713c6d8129210245347284c7c6babfd28fb7
5d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F"
Last-Modified: Tue, 09 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14845
Expires: Wed, 10 Jul 2024 20:54:35 GMT
Date: Wed, 10 Jul 2024 16:47:10 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fc076d7a99abd74b9da6b35304bb93e9
9d541501d5141dcf7b4d839d6fcffabec81e1a14
c86804eff01a7bb9ff866508bfdb1b071cfa4a26617d11094b9f5226e1a4b970

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C86804EFF01A7BB9FF866508BFDB1B071CFA4A26617D11094B9F5226E1A4B970"
Last-Modified: Tue, 09 Jul 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12762
Expires: Wed, 10 Jul 2024 20:19:52 GMT
Date: Wed, 10 Jul 2024 16:47:10 GMT
Connection: keep-alive

cdn.klimedia.space/lb/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz

185.252.146.181

302 Found

106 B

URL User Request GET HTTP/1.1
cdn.klimedia.space/lb/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz
IP
185.252.146.181:80
ASN
#204997 First Server Limited

File type
ASCII text
Size
106 B (106 bytes)
Hash
520368eb98bf865c73243f218b9aedf2
51de8f0dfcc0350595f8547c5ae28cf77d63b4b8
6e05a710459af260015500a1e3f06a10e5559933020aee8fdd572c81d44b1aa9

HTTP Headers

GET /lb/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz HTTP/1.1
Host: cdn.klimedia.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Date: Wed, 10 Jul 2024 16:47:10 GMT
Content-Length: 106
Server: Streamer 22.10
X-Route-Time: 424
X-Run-Time: 186
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS
Access-Control-Expose-Headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location
Access-Control-Allow-Headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid
Location: http://89.248.192.87:80/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz

89.248.192.87/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz

89.248.192.87

302 Found

55 B

URL User Request GET HTTP/1.1
89.248.192.87/DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz
IP
89.248.192.87:80
ASN
#49505 OOO Network of data-centers Selectel

File type
ASCII text
Size
55 B (55 bytes)
Hash
cda0da20deda4e47fdde98f501c7e46c
4cadf3471d5fe423c8246abd489f990e31065e54
c75ec2522104c8aefbd0dbb657e1398e40caa81858872f2b5736a94ad324cd66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /DFQLJwlLg4/index.m3u8?token=klimedia.space:c2FtYWxldDE5Nzk6MDc3Nzg1NTIz HTTP/1.1
Host: 89.248.192.87
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Date: Wed, 10 Jul 2024 16:47:10 GMT
Content-Length: 55
Server: Streamer 22.10
X-Route-Time: 82556
X-Run-Time: 4
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS
Access-Control-Expose-Headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location
Access-Control-Allow-Headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid
Location: http://cdn.klimedia.space/expired/index.m3u8

cdn.klimedia.space/expired/index.m3u8

185.252.146.181

302 Found

53 B

URL User Request GET HTTP/1.1
cdn.klimedia.space/expired/index.m3u8
IP
185.252.146.181:80
ASN
#204997 First Server Limited

File type
ASCII text
Size
53 B (53 bytes)
Hash
1e9fe8925a48b5fb5d6ef5a3d71200de
0b3a593f06cb84e2db59376fe2eff410eb3b5d27
1c7d745ff545b627e8bc6351c3b4e1e49ab694b42938f77cfa872fb5ea6551a3

HTTP Headers

GET /expired/index.m3u8 HTTP/1.1
Host: cdn.klimedia.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Date: Wed, 10 Jul 2024 16:47:11 GMT
Content-Length: 53
Server: Streamer 22.10
X-Route-Time: 245
X-Run-Time: 52
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS
Access-Control-Expose-Headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location
Access-Control-Allow-Headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid
Location: http://89.248.192.87:80/expired/index.m3u8

89.248.192.87/expired/index.m3u8

89.248.192.87

175 B

URL User Request GET
89.248.192.87/expired/index.m3u8
IP
89.248.192.87:0
ASN
#49505 OOO Network of data-centers Selectel

File type
M3U playlist, ASCII text
Size
175 B (175 bytes)
Hash
cf4cda5999d1ba53ef5b242f2a1ed575
273b099a4e02b8ec697f38b09dacd923a9a8bdce
ff7dc13960023160f939405327e79392d5ef1abba1751c8e1739083b1bd5c4cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /expired/index.m3u8 HTTP/1.1
Host: 89.248.192.87
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Date: Wed, 10 Jul 2024 16:47:11 GMT
Content-Length: 175
Server: Streamer 22.10
X-Route-Time: 45784
X-Run-Time: 74
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS
Access-Control-Expose-Headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location
Access-Control-Allow-Headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid
X-Sid: 668ebb0f-4bfb-4109-8d98-05f906959024
Content-Encoding: gzip
Content-Type: application/vnd.apple.mpegurl
Cache-Control: no-cache
Pragma: no-cache
X-Media-Info-Time: 27
X-Prepare-Time: 44

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7b2c37e4b6c062d80ad32046f42d3d8
131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c
317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2"
Last-Modified: Mon, 08 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8718
Expires: Wed, 10 Jul 2024 19:12:30 GMT
Date: Wed, 10 Jul 2024 16:47:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7b2c37e4b6c062d80ad32046f42d3d8
131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c
317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2"
Last-Modified: Mon, 08 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8718
Expires: Wed, 10 Jul 2024 19:12:30 GMT
Date: Wed, 10 Jul 2024 16:47:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7b2c37e4b6c062d80ad32046f42d3d8
131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c
317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2"
Last-Modified: Mon, 08 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8718
Expires: Wed, 10 Jul 2024 19:12:30 GMT
Date: Wed, 10 Jul 2024 16:47:12 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL