URL User Request GET HTTP/1.1 IP 85.115.53.171:80 ASN #44444 Forcepoint Cloud Ltd
File type: HTML document, ASCII text, with very long lines (913), with CRLF, LF line terminators
Hash: 12ee56bb4521c72ce565f893440ae218 ccb21beed44aaf9baab3c224854e973cb4604ed4 e2015585e944d3a77417f43afb7473c51ed2a576c7486d44db13b9e2e2b6f532
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 85.115.53.171
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Frame-Ancestors: none
Transfer-Encoding: chunked
Server: WebDefence/7.11.51
Pragma: No-cache
Cache-Control: No-cache
Date: Thu, 25 Apr 2024 14:58:50 GMT
Content-Type: text/html; charset=UTF-8
| www.mailcontrol.com/images/wd_tick.png | 85.115.52.220 | 200 OK | 71 kB |
URL GET HTTP/1.1 www.mailcontrol.com/images/wd_tick.png IP 85.115.52.220:80 ASN #44444 Forcepoint Cloud Ltd
File type: PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Hash: fd0b6180bc2c1b19d3030ef09b55fce0 7393947c3e7d694e3a7ae7b0ec399002cc36bb23 d415140b85f6af6c038c58516fe34089cfb4b3c913ffa810716a6a90b0abcc46
GET /images/wd_tick.png HTTP/1.1
Host: www.mailcontrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.115.53.171/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:50 GMT
Server: Forcepoint
Last-Modified: Tue, 27 Feb 2024 17:10:42 GMT
Accept-Ranges: bytes
Content-Length: 71408
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=2678400
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com; style-src 'self' 'unsafe-inline' *.walkme.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com; connect-src 'self' *.walkme.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com;
Cache-Control: public, max-age=129600, must-revalidate
X-FRAME-OPTIONS: SAMEORIGIN
Connection: close
Content-Type: image/png
Content-Language: en
| www.mailcontrol.com/cobrand/websense/websense_images/websense.ico | 85.115.52.220 | 200 OK | 33 kB |
URL GET HTTP/1.1 www.mailcontrol.com/cobrand/websense/websense_images/websense.ico IP 85.115.52.220:80 ASN #44444 Forcepoint Cloud Ltd
File type: MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Hash: 34759c18b4c67455f6eac12e078be51f a620b7947c48cc414d91ee01e704a1b010b51d3b 33a33defa235d8037d2800fe4386f6c01dc81e8ffaeec3f50797bffbfd8ab2ba
GET /cobrand/websense/websense_images/websense.ico HTTP/1.1
Host: www.mailcontrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.115.53.171/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:50 GMT
Server: Forcepoint
Last-Modified: Tue, 27 Feb 2024 17:10:41 GMT
Accept-Ranges: bytes
Content-Length: 32988
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=2678400
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com; style-src 'self' 'unsafe-inline' *.walkme.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com; connect-src 'self' *.walkme.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com;
Cache-Control: public, max-age=3153600, must-revalidate
X-FRAME-OPTIONS: SAMEORIGIN
Connection: close
Content-Language: en