Report - 213.194.160.223/

Report Overview

Submitted URL
213.194.160.223/
IP
213.194.160.223
ASN
#15704 Xtra Telecom S.A.
Submitted
2024-05-04 23:01:02
Access
public
Website Title
Login
Final URL
213.194.160.223/doc/page/login.asp
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-04-26	366 B	326 B	54.230.111.49
213.194.160.223	unknown	unknown	No data	No data	7.8 kB	402 kB	213.194.160.223

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed
2024-05-04	medium	213.194.160.223	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	213.194.160.223/doc/script/login.js	5.3 kB	2023-03-13	2024-05-15
Pretty URL 213.194.160.223/doc/script/login.js IP 213.194.160.223 ASN #15704 Xtra Telecom S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 00:22:41 Last Seen2024-05-15 23:47:11 Times Seen15 Hash 7d505c9f41c29c89555421a0592f5007 126165f76957b56a644655a28bf347d05d3878be e9c8959037029ddcb113c3d9579098bbac4b857628dcb7c84cdc41fb13ec3a74 Loading...

	213.194.160.223/doc/script/jquery.cookie.js	3.8 kB	2023-03-08	2024-05-17
Pretty URL 213.194.160.223/doc/script/jquery.cookie.js IP 213.194.160.223 ASN #15704 Xtra Telecom S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:07:58 Last Seen2024-05-17 12:36:09 Times Seen519 Hash a479f46b2a66d5772f839cdf20c24898 dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1 087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148 Loading...

	213.194.160.223/doc/script/common.js	43 kB	2023-07-15	2024-05-05
Pretty URL 213.194.160.223/doc/script/common.js IP 213.194.160.223 ASN #15704 Xtra Telecom S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 04:08:17 Last Seen2024-05-05 01:01:08 Times Seen3 Hash 0ff2babcb3d84da460eeec4d63ce738e ce1f1866704e89df18f95b0b7583ba4f515cb534 7354704861e7f795175b1fd580a00636b31875b8b30afcd22910eead0f62bae4 Loading...

	213.194.160.223/doc/script/Translator.js	15 kB	2023-05-28	2024-05-15
Pretty URL 213.194.160.223/doc/script/Translator.js IP 213.194.160.223 ASN #15704 Xtra Telecom S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 18:31:01 Last Seen2024-05-15 23:47:11 Times Seen13 Hash ba9ecdb9dd1a626431540efcacd90bc6 fc800859508a2c6bd6382e2cf1451f89c067c38c e70bce36e285a8d59a7d8fa92d9c5f3c8b06e7ee7370103f7654562275dfe2b5 Loading...

	unknown	11 B	2023-05-28	2024-05-15
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-28 18:31:01 Last Seen2024-05-15 23:47:11 Times Seen49 Hash b7714adab04b8e7b1e86f38df470bc93 8d79f392e78a4498f0a8d7d1a465c8792c4924ee 883f32987f93a71abdc579c95729cde6733263ef54a77790acc77018c49acb5b Loading...

	213.194.160.223/doc/script/jquery-1.7.1.min.js	94 kB	2023-03-07	2024-05-18
Pretty URL 213.194.160.223/doc/script/jquery-1.7.1.min.js IP 213.194.160.223 ASN #15704 Xtra Telecom S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-05-18 12:37:29 Times Seen10800 Hash ddb84c1587287b2df08966081ef063bf 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd Loading...

HTTP Transactions (17)

URL IP Response Size

mitmdetection.services.mozilla.com/

54.230.111.49

0 B

URL
mitmdetection.services.mozilla.com/
IP
54.230.111.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
date: Sat, 04 May 2024 23:00:37 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Bxdfh3bMZKtVEekOrGJorVu875lU8W_dUdwvEZ7NdqGPdfAaJArmQg==
X-Firefox-Spdy: h2

213.194.160.223/index.asp

213.194.160.223

1.6 kB

URL
213.194.160.223/index.asp
IP
213.194.160.223:0
ASN
#15704 Xtra Telecom S.A.

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.6 kB (1577 bytes)
Hash
a1990a104f3f65656681cb0a0c8d782b
dd7a711968012c06091fde39b372bbfa87801663
589b52fe7ecf124b181e6e727891ef96ccad580c273a5bfe35998261154778f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.asp HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:53 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:46 2013
Content-length: 1577
Content-type: text/html

213.194.160.223/doc/script/jquery-1.7.1.min.js

213.194.160.223

200 OK

94 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/jquery-1.7.1.min.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
94 kB (93868 bytes)
Hash
ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery-1.7.1.min.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/index.asp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:53 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 93868
Content-type: application/x-javascript

213.194.160.223/doc/script/jquery.cookie.js

213.194.160.223

200 OK

3.8 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/jquery.cookie.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.8 kB (3752 bytes)
Hash
a479f46b2a66d5772f839cdf20c24898
dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1
087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery.cookie.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/index.asp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:54 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 3752
Content-type: application/x-javascript

213.194.160.223/doc/page/login.asp

213.194.160.223

200 OK

2.1 kB

URL User Request GET HTTP/1.0
213.194.160.223/doc/page/login.asp
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.1 kB (2120 bytes)
Hash
00c01055cf583fe441ab0406bdc8404d
afff8954b5070a3d876d6878ab5ef9ecbfe4e85c
7869271b32f78492e64b14687dda8475585a8662fb2cfa79a3e5f0ec467819ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/page/login.asp HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/index.asp
Cookie: language=en; updateTips=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:54 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:46 2013
Content-length: 2120
Content-type: text/html

213.194.160.223/doc/css/base.css

213.194.160.223

200 OK

933 B

URL GET HTTP/1.0
213.194.160.223/doc/css/base.css
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
933 B (933 bytes)
Hash
c9f676955ddb0002f2cf9ae5c9859dfc
74ccdcdcb2bf5fae840cf6327db5660289c2d055
d22dc2e1a7a128730f7e3399a0ac3734f6ae4c499d09a705c90ece12f204201c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/css/base.css HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:55 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:44 2013
Content-length: 933
Content-type: text/css

213.194.160.223/doc/script/login.js

213.194.160.223

200 OK

5.3 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/login.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
5.3 kB (5287 bytes)
Hash
b3db92981c688b307f0b8d4e2c286f48
a4b6e40b105abe07177da212ec7479b8301e5715
0415a5f68531693e39916b718918b4c9db304c002582918eda43671a438c727a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/login.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:55 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 5287
Content-type: application/x-javascript

213.194.160.223/doc/script/jquery-1.7.1.min.js

213.194.160.223

200 OK

94 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/jquery-1.7.1.min.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
94 kB (93868 bytes)
Hash
ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery-1.7.1.min.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:55 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 93868
Content-type: application/x-javascript

213.194.160.223/doc/script/jquery.cookie.js

213.194.160.223

200 OK

3.8 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/jquery.cookie.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.8 kB (3752 bytes)
Hash
a479f46b2a66d5772f839cdf20c24898
dfc20a0ffcf24df1fdb6d2b15dabde27a3956eb1
087712cabcc08391246c1c3ab4ddecd706ac939a7b1f10e13fe207d9f9240148

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/jquery.cookie.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:55 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 3752
Content-type: application/x-javascript

213.194.160.223/doc/script/common.js

213.194.160.223

200 OK

43 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/common.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1119), with CRLF line terminators
Size
43 kB (43335 bytes)
Hash
6af9be6f89844707dc29b4c6bfedbe23
1744db68468cd3e7715df86980fc56a0384ce681
2860a4601c88bf98c95bf87d0b93ee23c6f291837a33ecf3765b8ad1da46ab8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/common.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:56 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:24:22 2013
Content-length: 43335
Content-type: application/x-javascript

213.194.160.223/doc/css/login.css

213.194.160.223

200 OK

1.1 kB

URL GET HTTP/1.0
213.194.160.223/doc/css/login.css
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1096 bytes)
Hash
9e92089b4549cecdaa845826bae82620
3557726fdf5fd002aac9535ac7668915e8f1ea25
7b4223ddeb4f586881eeba585bdf55a66937486ec981ae702397f010512e6eca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/css/login.css HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:56 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:44 2013
Content-length: 1096
Content-type: text/css

213.194.160.223/doc/script/Translator.js

213.194.160.223

200 OK

15 kB

URL GET HTTP/1.0
213.194.160.223/doc/script/Translator.js
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
15 kB (14942 bytes)
Hash
3a0d9389d8f4ed449fdc9ab591290e3f
b6920330b42aa1995d0b20004e38b5700ed45e2c
af60da9e04e125a7aadca238a8a705a5e4f8c82a2ce5ada0586f264bd035798a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/script/Translator.js HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:56 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 14942
Content-type: application/x-javascript

213.194.160.223/doc/xml/Languages.xml

213.194.160.223

200 OK

1.3 kB

URL GET HTTP/1.0
213.194.160.223/doc/xml/Languages.xml
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.3 kB (1265 bytes)
Hash
9c782342293b882a62aa05a626a33d18
57fbf8d466bc8146b420062592afba9c63684d49
105fcc004494497307a51bfe4a1fafceb757eb726da5673ae5c0fe36d9d2de44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/xml/Languages.xml HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:57 2024
Server: DVRDVS-Webs
Last-modified: Fri Jun 14 07:13:35 2013
Content-length: 1265
Content-type: text/xml

213.194.160.223/doc/images/login/login_14.png

213.194.160.223

200 OK

129 kB

URL GET HTTP/1.0
213.194.160.223/doc/images/login/login_14.png
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
PNG image data, 716 x 344, 8-bit/color RGB, non-interlaced
Size
129 kB (129060 bytes)
Hash
db859e67185b84403a07a1d9ac0fe132
13263cef9692e829f62ca73c36d1a8d40de90d0f
19b6254ec63693416842339bed7a1ad549512568fabd9a05d4e9609559474e8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/images/login/login_14.png HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/css/login.css
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:57 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 129060
Content-type: text/plain

213.194.160.223/doc/images/login/input_normal.png

213.194.160.223

200 OK

2.0 kB

URL GET HTTP/1.0
213.194.160.223/doc/images/login/input_normal.png
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
PNG image data, 200 x 28, 8-bit/color RGB, non-interlaced
Size
2.0 kB (2000 bytes)
Hash
3d3a6af60c23b872f40d94a78c57fecf
4635f2f6ec8b5c0ca4a0f00e0c15096bf3903c47
750e556dd8f121de8550f1244d956e5d2f6ff20e608e15f6dde2a25cf430bf53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/images/login/input_normal.png HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/css/login.css
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:57 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:40 2013
Content-length: 2000
Content-type: text/plain

213.194.160.223/favicon.ico

213.194.160.223

200 OK

1.2 kB

URL GET HTTP/1.0
213.194.160.223/favicon.ico
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
89b932fcc47cf4ca3faadb0cfdef89cf
bbe285bc080460c8d71e80965e993852e62d438f
7d249b2fca8ab8d5ab373444732b8bc9104ab597976640f3441ddfd70148b527

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:58 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:46 2013
Content-length: 1150
Content-type: text/plain

213.194.160.223/doc/xml/en/Login.xml

213.194.160.223

200 OK

854 B

URL GET HTTP/1.0
213.194.160.223/doc/xml/en/Login.xml
IP
213.194.160.223:443
ASN
#15704 Xtra Telecom S.A.

Requested by
https://213.194.160.223/doc/page/login.asp
Certificate
IssuerInternet Widgits Pty Ltd
Subject
FingerprintF2:CF:AD:74:39:6F:F3:A7:64:B8:97:4F:FE:35:0A:0A:41:F8:23:DF
ValidityFri, 23 Nov 2012 12:36:33 GMT - Thu, 20 Aug 2015 12:36:33 GMT

File type
XML 1.0 document, ASCII text, with CRLF line terminators
Size
854 B (854 bytes)
Hash
1491dea09bb7fb0897823065a959bc54
8bd6134910e17a107b9a0671ce25fdaa906ddca2
5d8c60ebea2c4a3e3f5c9ae2fe395496a67c56674aa27d9ebd69ab0295b7d308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /doc/xml/en/Login.xml HTTP/1.1
Host: 213.194.160.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://213.194.160.223/doc/page/login.asp
Cookie: language=en; updateTips=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Sun May  5 00:41:58 2024
Server: DVRDVS-Webs
Last-modified: Wed Jun  5 02:00:30 2013
Content-length: 854
Content-type: text/xml

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections