| 216.8.160.99/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1699529687&plst= | 216.8.160.99 | 200 OK | 1.5 kB |
URL User Request GET HTTP/1.1216.8.160.99/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1699529687&plst= IP216.8.160.99:80
File typeHTML document, ASCII text Hash69ccea288969f5a528e1d0f02d8f7fed 5d9dcafbf78d1f42808c35143628f75e9f0b3dac ce9de808a759f27fee569f5adc139f410f5b2bbdb1d8c8ad8ee53ac0e0878812
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1699529687&plst= HTTP/1.1
Host: 216.8.160.99
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 May 2024 00:49:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
|
IP216.8.160.99:80
Requested byhttp://216.8.160.99/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1699529687&plst=
File typeHTML document, ASCII text Hash69ccea288969f5a528e1d0f02d8f7fed 5d9dcafbf78d1f42808c35143628f75e9f0b3dac ce9de808a759f27fee569f5adc139f410f5b2bbdb1d8c8ad8ee53ac0e0878812
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 216.8.160.99
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://216.8.160.99/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1699529687&plst=
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 May 2024 00:49:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
|