Report - itf15a.de/

Report Overview

Submitted URL
itf15a.de/
IP
188.68.47.36
ASN
#197540 netcup GmbH
Submitted
2024-04-25 02:29:42
Access
public
Website Title
ITF15a - Home
Final URL
itf15a.de/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
itf15a.de	unknown	unknown	2015-12-28	2023-11-04	2.9 kB	292 kB	188.68.47.36
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-23	403 B	31 kB	151.101.66.137
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-24	2.4 kB	339 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed
2024-04-25	medium	itf15a.de	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	itf15a.de/	227 B	2023-11-16	2024-04-25
Pretty URL itf15a.de/ IP 188.68.47.36 ASN #197540 netcup GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-16 23:56:21 Last Seen2024-04-25 04:29:42 Times Seen2 Hash 33fce4855a57f775547d9d629d84b8ba 8b99506e22d5bb3f73c9fd2e1a07dc8cd5e683fe 7942b83e528b752dd8aa526a5017c2b03d48b590dadce96836cee6ef4f15f4a6 Loading...

	itf15a.de/js/adblock_block.js	10 kB	2023-11-16	2024-04-25
Pretty URL itf15a.de/js/adblock_block.js IP 188.68.47.36 ASN #197540 netcup GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 23:56:21 Last Seen2024-04-25 04:29:42 Times Seen4 Hash e4c8ba07027e8be77f4ce472350233a0 8cf81fa0a1418c420f69c5c097c03ff780ab7579 29485803e8875ffe01e753a9f8bba1caf83917b8ffc963c8dc25c9e6561f3b6d Loading...

	itf15a.de/js/coin.min.js	262 kB	2023-11-16	2024-04-25
Pretty URL itf15a.de/js/coin.min.js IP 188.68.47.36 ASN #197540 netcup GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 23:56:21 Last Seen2024-04-25 04:29:42 Times Seen4 Hash 2bd18f4586e6c74ccfcd8b0b2d46eafa 0544fd0ae1797a6f5f357a2e82677b55a3048a8e 5d514880ad502302dd4bf0ef8da5d38356385d1c43689f6739f6771ed7a4ef73 Loading...

	itf15a.de/	758 B	2023-11-16	2024-04-25
Pretty URL itf15a.de/ IP 188.68.47.36 ASN #197540 netcup GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-16 23:56:21 Last Seen2024-04-25 04:29:42 Times Seen2 Hash 538377f8a6f4d7ff54a7ea2bca111688 4a9851ed3a37023810d496d39d5b7275a8d4dcb3 0042c9d4aeda6612c62526f3958157755644c41090ba8dd212e9b9fd73e5d20d Loading...

	code.jquery.com/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-05-04
Pretty URL code.jquery.com/jquery-3.2.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-04 10:44:12 Times Seen64419 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	37 kB	2023-03-07	2024-05-04
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-04 09:18:37 Times Seen55207 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

		Size	First Seen	Last Seen
	#1 Eval - d1f7c77e954f689bb6852b9095d87c91	12 kB	2023-11-16	2024-04-25
Pretty Observations First Seen2023-11-16 23:56:21 Last Seen2024-04-25 04:29:42 Times Seen2 Hash d1f7c77e954f689bb6852b9095d87c91 cde073a3af235bd56501c9a09bbbbd5f52855644 5e5d0fb42b981b8ad05bb7c7cd0450f7561a41b472bd7e98307f231c94a8aa95 Loading...

HTTP Transactions (13)

URL IP Response Size

itf15a.de/

188.68.47.36

200 OK

2.7 kB

URL User Request GET HTTP/2
itf15a.de/
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
2.7 kB (2694 bytes)
Hash
aea24cf682971e9e5e5be273450fcf04
710243aa85df9b6ff230f77b9e1d09e8e8abe8f8
57b136b0ab2a265e2f176921e95b13ea8c2e7302e58bba1601146579b09767f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/html; charset=UTF-8
content-length: 2694
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

itf15a.de/css/main.css

188.68.47.36

200 OK

192 B

URL GET HTTP/2
itf15a.de/css/main.css
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
ASCII text
Size
192 B (192 bytes)
Hash
ec25d2818bf4d5ffd847e98310290f35
4d1488b3057ce7740058ae9e7426f6667fdbc413
e298ef9f95348cbad2b839eeadb71709e0838bec1b4b5ce5fa5228a4c41f8b44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/css
content-length: 192
x-accel-version: 0.01
last-modified: Fri, 23 Mar 2018 08:35:58 GMT
etag: "182-56810503df654-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

itf15a.de/css/footer-navbar.css

188.68.47.36

200 OK

250 B

URL GET HTTP/2
itf15a.de/css/footer-navbar.css
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
ASCII text
Size
250 B (250 bytes)
Hash
24203cb975089f6aa6a679ed75dd2e6c
5cfe50990e3e842bee9071995857058ba47a7fb5
19021ef5280e2a8352ca13e7cef9d6b203dce51f8fb3c8de57a6f5e3919ea1f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/footer-navbar.css HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/css
content-length: 250
x-accel-version: 0.01
last-modified: Fri, 23 Mar 2018 08:35:58 GMT
etag: "1f9-5681050360338-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

itf15a.de/css/tab.css

188.68.47.36

200 OK

127 B

URL GET HTTP/2
itf15a.de/css/tab.css
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
ASCII text
Size
127 B (127 bytes)
Hash
d6ed7bc7360e803c5327d89b95e9ce7f
f9aba09554444ffa3647377a108f14b35862deb8
8cccbdbfcd99065436f1ab58ca7ac6526d26eedd51c5c50205eb034ade4bff69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/tab.css HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/css
content-length: 127
x-accel-version: 0.01
last-modified: Fri, 23 Mar 2018 08:35:58 GMT
etag: "d0-56810503762c2-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.min.js

151.101.66.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://itf15a.de/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30125 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15283"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 02:29:16 GMT
age: 8560723
x-served-by: cache-lga21971-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 29, 511330
x-timer: S1714012157.824712,VS0,VE0
vary: Accept-Encoding
content-length: 30125
X-Firefox-Spdy: h2

itf15a.de/js/adblock_block.js

188.68.47.36

200 OK

23 kB

URL GET HTTP/2
itf15a.de/js/adblock_block.js
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
JavaScript source, ASCII text, with very long lines (10462)
Size
23 kB (23397 bytes)
Hash
e4c8ba07027e8be77f4ce472350233a0
8cf81fa0a1418c420f69c5c097c03ff780ab7579
29485803e8875ffe01e753a9f8bba1caf83917b8ffc963c8dc25c9e6561f3b6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/adblock_block.js HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: application/javascript
last-modified: Fri, 23 Mar 2018 08:36:04 GMT
vary: Accept-Encoding
etag: W/"5ab4bc74-28e0"
content-encoding: br
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.10.207

200 OK

87 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://itf15a.de/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
87 kB (87415 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 12/13/2021 20:18:53
cdn-edgestorageid: 755
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-proxyver: 1.02
cdn-requestid: 48135f30fbfcba704628453df5764d8f
cdn-cache: HIT
cf-cache-status: HIT
age: 13375174
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879ae78c0b615684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.10.207

200 OK

121 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://itf15a.de/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 10/31/2023 18:59:36
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: a99131ed71793c235969f4741b45dd0f
cdn-cache: HIT
cf-cache-status: HIT
age: 13199137
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879ae78c0b605684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

itf15a.de/js/coin.min.js

188.68.47.36

200 OK

262 kB

URL GET HTTP/2
itf15a.de/js/coin.min.js
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
262 kB (262243 bytes)
Hash
2bd18f4586e6c74ccfcd8b0b2d46eafa
0544fd0ae1797a6f5f357a2e82677b55a3048a8e
5d514880ad502302dd4bf0ef8da5d38356385d1c43689f6739f6771ed7a4ef73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/coin.min.js HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: application/javascript
last-modified: Wed, 11 Apr 2018 21:06:02 GMT
vary: Accept-Encoding
etag: W/"5ace78ba-40063"
content-encoding: br
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.18.10.207

200 OK

77 kB

URL GET HTTP/3
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://itf15a.de/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itf15a.de
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 02:29:17 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 19:08:24
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: a75546785d517f947f29d85e504f8cb5
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879ae78d28db712e-OSL
alt-svc: h3=":443"; ma=86400

itf15a.de/favicon.ico

188.68.47.36

404 Not Found

808 B

URL GET HTTP/2
itf15a.de/favicon.ico
IP
188.68.47.36:443
ASN
#197540 netcup GmbH

Requested by
https://itf15a.de/
Certificate
IssuerLet's Encrypt
Subjectitf15a.de
Fingerprint86:CE:E9:79:92:8E:91:E2:27:AD:B6:D9:D3:15:A0:7D:01:E1:E1:3F
ValiditySat, 20 Apr 2024 03:24:18 GMT - Fri, 19 Jul 2024 03:24:17 GMT

File type
HTML document, ASCII text, with very long lines (866), with no line terminators
Size
808 B (808 bytes)
Hash
b45bdabc5c2538b0c4e5f352bcdfb585
5a97ce87ce8d3d86a043c1a5e68e968e20a1e146
c96189c857253fcdbe13dfcbc7f919050fae21ccb7116c3078ee3c8d8d0f12c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: itf15a.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 25 Apr 2024 02:29:17 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Fri, 23 Mar 2018 07:25:19 GMT
etag: W/"328-5680f5393416c"
content-encoding: br
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

31 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://itf15a.de/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itf15a.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 02:29:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 18:48:06
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 9e61a4e37a75208649ae6b63a0cb4f72
cdn-cache: HIT
cf-cache-status: HIT
age: 12952426
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879ae78c0b625684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2

104.18.10.207

200 OK

18 kB

URL GET HTTP/3
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://itf15a.de/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589
Size
18 kB (18028 bytes)
Hash
448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

HTTP Headers

GET /bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itf15a.de
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 02:29:17 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 01/03/2024 11:54:50
cdn-edgestorageid: 894
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: fef8b8cad853c20bf1591704822ad8bd
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 879ae78d28da712e-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers