Report - 103.106.20.186:9007/login

Report Overview

Submitted URL
103.106.20.186:9007/login
IP
103.106.20.186
ASN
#137085 Ani Broadband Service Pvt Ltd
Submitted
2024-05-10 10:40:51
Access
public
Website Title
Kalupur Bank - Login
Final URL
103.106.20.186:9007/login
Tags
suspicious
urlquery detections
Suspicious - Anti-debugging code

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
84

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
103.106.20.186:9007	unknown	unknown	No data	No data	20 kB	6.1 MB	103.106.20.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed
2024-05-10	medium	103.106.20.186	Sinkholed

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	103.106.20.186:9007/assets/custom/plugins/audio/audio.js	115 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/assets/custom/plugins/audio/audio.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash 0ad53cdb5895e851ba462ceb2c9519f3 def4fd34e08a723dd769160b7aa98b8f6b477236 84eb21e3b1642b8768461fbdd510159374248e432140d16c023278203013c8a8 Loading...

	103.106.20.186:9007/login	17 B	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/login IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:40:59 Times Seen1 Hash 5df45f339ff0d2694185c6dd0c82be84 c827bfb504ffb197be2de10dfd0bbf4395b19269 db008533a96d99d9362528dfda303b53c27ef32c74daaa6459cf6fe665e09293 Loading...

	103.106.20.186:9007/assets/plugins/global/plugins.bundle.js	2.3 MB	2024-02-21	2024-05-10
Pretty URL 103.106.20.186:9007/assets/plugins/global/plugins.bundle.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-21 19:38:45 Last Seen2024-05-10 12:41:00 Times Seen52 Hash 167cffce8f0ea73c784b91ffafc62b75 1ecc73d1c419468474c2f78e179bca5f028dd239 964d7efcb24830feb942c28e2e39bc8df6ad5ecdeb95beb65fd7949a179a6108 Loading...

	103.106.20.186:9007/login	13 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/login IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:40:59 Times Seen1 Hash 44cb7227e0a1ea31591783abda645b5e 6986604b30cf7b311946105f36676a0296e99593 9b02a45a4813d1ad38dfe5bfdd39b689dfcd8e0018255f29e4210a6e6b54589c Loading...

	103.106.20.186:9007/customjs/common.js	55 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/customjs/common.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash 20a1dca43c4a6c850741f4d3afc5394c dbc5527bb4480e195b172f41e7fb694354bc2d14 15fa451d5478ddf60f4f3511910c957672bfb0d6b29e0d2280ed297c26cd5e01 Loading...

	103.106.20.186:9007/assets/custom/js/footer.js	407 B	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/assets/custom/js/footer.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash bf2ff572389fba89a12d08e6c39ab801 456b10713133dc449b5dc7992aa46a6e185046a7 c2680e96e326e4a4326fe317ea1dd372024c508a1834f4ea08ac47b623b7a06a Loading...

	103.106.20.186:9007/assets/custom/plugins/virtual_keyboard/virtual_keyboard.js	4.3 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/assets/custom/plugins/virtual_keyboard/virtual_keyboard.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash 5e88608587b0ea35885e10f4aae532aa 47f4b1bb2a9ff1d1f429a5b6c59872748bdda63e 21af39a99024949a53d1e17e2e808fbd147b0fe44cb68f5ed08f18d647d2e054 Loading...

	103.106.20.186:9007/login	388 B	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/login IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:40:59 Times Seen1 Hash 2f4df85e75eaddfb5b8f0e1018aaf14c 5e8de79753b1753b7ea9357f0f8ee3af01d1d93c 8e2b00e5cdde727f38e60a95ea22fe4623e6534e144ad6dece02cf2fb816fa0b Loading...

	103.106.20.186:9007/login	487 B	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/login IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:40:59 Times Seen1 Hash 987958d2e3113f1361e9603645958be0 2b9570a61e7327b7adc5ec699096861843996923 a91990b3d0875dfaef3bdbaf2168c4e5ce73900766108d22c2e1dafd1a6458fc Loading...

	103.106.20.186:9007/customjs/signup/jsencrypt.js	207 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/customjs/signup/jsencrypt.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash 5eeb0c1de86fc513fe606cacbdc53fcc 3989fd14f92f7f39037e2526eb416ddb563cd334 5c8e2940f84e9728e587a38628231f97f7d07f2fe0b4a96c2721dfaadc5874c5 Loading...

	103.106.20.186:9007/assets/js/scripts.bundle.js	99 kB	2024-05-10	2024-05-10
Pretty URL 103.106.20.186:9007/assets/js/scripts.bundle.js IP 103.106.20.186 ASN #137085 Ani Broadband Service Pvt Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 12:40:59 Last Seen2024-05-10 12:41:00 Times Seen2 Hash cacf7a6d331dd56665df84f2e7a54839 7dea952b9e5139a53ef7276083bdfddfd428afc5 afd51e75e91479826b34a7a8b049cc6342ffdd40743b304aa9d0caf119f4cc0a Loading...

		Size	First Seen	Last Seen
	#1 Eval - f2d8f25e3bbceb678fe7fad709584377	3.0 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen36 Hash f2d8f25e3bbceb678fe7fad709584377 dd70a2f88bec452105fdc881bca93608c5bfb90d 6c6d79d29d44027a4ff291e2aa5cd07e56016def97d2977466253594fc4074be Loading...

	#2 Eval - dbb95d575c5b5b338ea47639af729416	14 kB	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-10 23:41:59 Times Seen35 Hash dbb95d575c5b5b338ea47639af729416 7bdc9074ad490048d047f4a05d4eaf86a709fd63 102769bf606b093ee423f95ca8e1f6a9b160c080f8462f72d70ae017ed517d1a Loading...

	#3 Eval - 2c0ba505e532938cd6e12bcfb1da02eb	54 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen17 Hash 2c0ba505e532938cd6e12bcfb1da02eb ca8bfc3a6c471bb1f35521a6b37e5f6891ddebae 6804c0d17d20dbec7e051bf6f4b24ed58d631b972395014bea4bb4a6963ec725 Loading...

	#4 Eval - 11235e840cd011868b660c4f8e6e7c61	3.1 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen17 Hash 11235e840cd011868b660c4f8e6e7c61 abb7d20419b0046fcaed539027b353c45c38c721 e4d707affd4a84a5d7c29bcdff59fdd56f4772780f676373318a7cd9775e549e Loading...

	#5 Eval - 15c52c856b2e8cd73996b840022caf4b	8.2 kB	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-10 23:41:59 Times Seen14 Hash 15c52c856b2e8cd73996b840022caf4b 4ca6cd188ce0963c27fd2719320a2429fb28d602 a47c2d713df8e23cb918bd4c3bf56c4014bf0a571b9c1fb6e799568bea79c7f5 Loading...

	#6 Eval - 979debd0b18295b7aa3696c7e6fa3dca	1.6 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen17 Hash 979debd0b18295b7aa3696c7e6fa3dca bb5442a5af8a1b1c7d7d37168288a7ea7931ac51 694a9dee6172f1211c3b9ee69528dbb162d6fdc8a1142004f387b1d8710a2260 Loading...

	#7 Eval - 2b2957337c08a8b83659a4ce5661c3b7	16 kB	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-10 23:41:59 Times Seen16 Hash 2b2957337c08a8b83659a4ce5661c3b7 1e1e51c1f5bfb820e4b7024a21b28f71f7d52f59 6d50d8e4e685914ac7a48197b6f403b1b268c6f72c23dce5acdc3af566339267 Loading...

	#8 Eval - 1800c42569d6cf5afb33f7b7d58c8b4f	3.4 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen36 Hash 1800c42569d6cf5afb33f7b7d58c8b4f 06dc0133503d343384ba08bb182d60f18d5c16b0 cd08ac404890bf69b008564a9fc3de591f74a757eb58ae2edcea81e6b449b22d Loading...

	#9 Eval - 157b4a2079276f04d1f9d85ddde148a4	3.0 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen36 Hash 157b4a2079276f04d1f9d85ddde148a4 4ba048729299ecb1ace4ad41e1118425a0637a30 9822c8ace6ef423c2889dca2068beea9c1cec9154c7a6e7e09e1dd1902a16f4c Loading...

	#10 Eval - 0672951ad243321985c38c108524eb2c	92 B	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-10 23:41:59 Times Seen15 Hash 0672951ad243321985c38c108524eb2c 255d6de66c0af3e988ea707ed36b0ea152aadb31 f9859ed4fe38e7cd6480aa0a830c6a321ce3a2bb4b71cc143bb9da52feefa4a5 Loading...

	#11 Eval - 4c5d8fad42f67fd8f74fe9e1f35755c2	618 B	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-10 23:41:59 Times Seen35 Hash 4c5d8fad42f67fd8f74fe9e1f35755c2 44cd1a2fe46968eaa63b4e7bcff3fdf1e51ac535 20d58dd1591fcffdf38414c8fbb25f12bdc7a298cce6a5d1b27776a0705f61b2 Loading...

	#12 Eval - 527a16201451b36faca3477865bdcad0	2.7 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen17 Hash 527a16201451b36faca3477865bdcad0 13cc02855d218144d232a43d5e16d1f17d0b88d2 e1f5f24c57ad509994da2f5139f5d25e67355df7f1f1c4651cc4ca579a233d7e Loading...

	#13 Eval - 23956a79aa3d8e246776ff4935e0807f	1.7 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen36 Hash 23956a79aa3d8e246776ff4935e0807f ca4aa62cd8dc114f4c402c10b875bc2a358c4c5d d66faa2f8ae20b8c249725ab11fc2385753417e00358a3b915782b0ec45ffb64 Loading...

	#14 Eval - d07c53c105729257f7004a62b7f6a0e3	58 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 12:41:00 Last Seen2024-05-10 12:41:00 Times Seen1 Hash d07c53c105729257f7004a62b7f6a0e3 fc22595f924e6f9df7ed89dd3e97b9fb66d7772d 4d3f01aafba01ca63f6d9923971cf4e9629c74584abc6aff9972539b7c6fb78f Loading...

	#15 Eval - 499b84e5dd8dcdfc2d72438521d5210c	2.5 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen36 Hash 499b84e5dd8dcdfc2d72438521d5210c e1dc8bd77c9c496c537b478b7acf7d1b4d62145e 79cebfe64555d42480a8f8c397bd298ca4b0f48d0ab468552450ebac69e42cdc Loading...

	#16 Eval - 0d16eecc3ea8712b793c2254add06588	21 kB	2023-03-07	2024-05-15
Pretty Observations First Seen2023-03-07 13:02:05 Last Seen2024-05-15 12:07:01 Times Seen16 Hash 0d16eecc3ea8712b793c2254add06588 e4e3b8c9c8d9b2cf5b34f9451ffc53d48f6593fc e710f3946d941692f113be89cea847fc1f4fdf367b372246180d8405b1966536 Loading...

HTTP Transactions (42)

URL IP Response Size

103.106.20.186:9007/login

103.106.20.186

28 kB

URL
103.106.20.186:9007/login
IP
103.106.20.186:0
ASN
#137085 Ani Broadband Service Pvt Ltd

File type
HTML document, ASCII text, with CRLF line terminators
Size
28 kB (28319 bytes)
Hash
89fab77deb96bbe38ed89215690a1da4
b6efc44d0dbdce493dbfdfc0fdb81524d6fc1b6b
5da3a627ed0cf467a4f28f2119634872dce187f2bcf247b50a8879a9eefaf368

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:34 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-type: text/html;charset=UTF-8
Content-language: en-US
Set-cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928; Path=/; HttpOnly
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0
Transfer-encoding: chunked

103.106.20.186:9007/assets/custom/css/imports_plain.css

103.106.20.186

200 OK

1.8 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/css/imports_plain.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
exported SGML document, ASCII text, with CRLF line terminators
Size
1.8 kB (1836 bytes)
Hash
77032741b8ed2365cf1509394ac170be
0fc5df8e8f9079847fd6c65ce9ae99a721b9e8f1
36c11f9f96936a994231d9e6403ed6b47f812abd3e1765f2744a92ed7dd6282c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/imports_plain.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:34 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 1836
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/css/keyboard.css

103.106.20.186

200 OK

4.7 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/css/keyboard.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
4.7 kB (4731 bytes)
Hash
d46d49eb1d49d244296a4f9f2ecefa36
2071ff741bbc4f16cccd492eed40b346368c6514
23ca5f199cfba33bd3db60e1564c9b517283a8b89083e9fddc7e29aa27b69f6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/keyboard.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:34 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 4731
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/js/scripts.bundle.js

103.106.20.186

200 OK

99 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/js/scripts.bundle.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
99 kB (98756 bytes)
Hash
cacf7a6d331dd56665df84f2e7a54839
7dea952b9e5139a53ef7276083bdfddfd428afc5
afd51e75e91479826b34a7a8b049cc6342ffdd40743b304aa9d0caf119f4cc0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/scripts.bundle.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:34 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 98756
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/js/footer.js

103.106.20.186

200 OK

407 B

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/js/footer.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
407 B (407 bytes)
Hash
bf2ff572389fba89a12d08e6c39ab801
456b10713133dc449b5dc7992aa46a6e185046a7
c2680e96e326e4a4326fe317ea1dd372024c508a1834f4ea08ac47b623b7a06a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/js/footer.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:35 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 407
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/audio/audio.js

103.106.20.186

200 OK

115 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/audio/audio.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, ASCII text, with very long lines (796)
Size
115 kB (115071 bytes)
Hash
0ad53cdb5895e851ba462ceb2c9519f3
def4fd34e08a723dd769160b7aa98b8f6b477236
84eb21e3b1642b8768461fbdd510159374248e432140d16c023278203013c8a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/audio/audio.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:35 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 115071
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/css/style.bundle.css

103.106.20.186

200 OK

1.3 MB

URL GET HTTP/1.1
103.106.20.186:9007/assets/css/style.bundle.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Unicode text, UTF-8 text, with very long lines (65342)
Size
1.3 MB (1253906 bytes)
Hash
26a43eee4a14e4e30107682ebb02582f
21a80b3675cd3c8740d02aacc776f10caa72d423
7b3d007bdb7a8a09d4db4fca3ba91afeea895c07e78052089d7a15b4d6349948

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/style.bundle.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:35 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 1253906
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/datatables/css/datatables.min.css

103.106.20.186

200 OK

23 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/datatables/css/datatables.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Unicode text, UTF-8 text, with very long lines (22687), with no line terminators
Size
23 kB (22699 bytes)
Hash
b05ff37027ff673ebdefc99a1f01e7e7
817d91617a9c680e6bcda990eeecf3ff173ddce3
b9de02d81462087991564f952ad901c01b72d0a0c112912dd82b7e757885d6cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/datatables/css/datatables.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:36 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 22699
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/datatables/css/extensions/responsive.dataTables.min.css

103.106.20.186

200 OK

4.3 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/datatables/css/extensions/responsive.dataTables.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (4292), with no line terminators
Size
4.3 kB (4292 bytes)
Hash
db59c11fdf72a660a12aaaf79f65f810
bf75e5d7895f72022ead260e6f16817e21fc4f9a
188153303bedecdd2299238839cf2a847f19fb59b4fd73d621d9f4cb9286fdf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/datatables/css/extensions/responsive.dataTables.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:36 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 4292
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/datatables/css/dataTables.colVis.css

103.106.20.186

200 OK

6.0 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/datatables/css/dataTables.colVis.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
6.0 kB (6007 bytes)
Hash
ccb9f3d1f3bb0f6139ac1b6d4101380c
eb8499eb3e350cc8e1daeef086cb23ad3cdd85a2
1a082420b311c5d640e70c7d14897528713e2244c6ada207dbe261531d4d34da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/datatables/css/dataTables.colVis.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:37 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 6007
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/bs_5_toster/bs_5_tost_custom.css

103.106.20.186

200 OK

212 B

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/bs_5_toster/bs_5_tost_custom.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
212 B (212 bytes)
Hash
90e22ab97eade999cbb567876758e8ed
cc312f675ea8d2d1e18449ea3d81b351af3bacb6
f2db3fdd12f83fdb8a2cdff19473cda40fc23ea08410ac3e9605a9f6e733ebf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/bs_5_toster/bs_5_tost_custom.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:37 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 212
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/jquery_confirm_v3/jquery-confirm.min.css

103.106.20.186

200 OK

27 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/jquery_confirm_v3/jquery-confirm.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text
Size
27 kB (27277 bytes)
Hash
ad9def12cdc8183601d99b85c501b010
c25b032978522adf50a017b3b13a1323bea7457f
2c8ddf0ec6b2a0d482a104632e48480d485cd0747d1ec3f93293869784a1df2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/jquery_confirm_v3/jquery-confirm.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:37 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 27277
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/bootstrap-datepicker/css/bootstrap-datepicker.min.css

103.106.20.186

200 OK

16 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/bootstrap-datepicker/css/bootstrap-datepicker.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (15543)
Size
16 kB (15731 bytes)
Hash
6c64af21a8a40fde79d8e92d44f8b7ce
5fcd369afabf977ec8ad1ad2e659380bd847ed44
24305c9d8795d7d275e22b0677712d9ec0902b4e5df0f733279f9fbc4bc126f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/bootstrap-datepicker/css/bootstrap-datepicker.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:37 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 15731
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/bootstrap-timepicker/bootstrap-timepicker.min.css

103.106.20.186

200 OK

3.3 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/bootstrap-timepicker/bootstrap-timepicker.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text
Size
3.3 kB (3276 bytes)
Hash
c50e7b28a2ec2536540df73226d14665
8ee21fd50e6fb4edca54020431c9ebba75abf5b3
f362e1d666183128715273741211729e5b0dec1e8e3e552523652d23fa3e63ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/bootstrap-timepicker/bootstrap-timepicker.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:37 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 3276
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/plugins/global/plugins.bundle.js

103.106.20.186

200 OK

2.3 MB

URL GET HTTP/1.1
103.106.20.186:9007/assets/plugins/global/plugins.bundle.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61201)
Size
2.3 MB (2266209 bytes)
Hash
167cffce8f0ea73c784b91ffafc62b75
1ecc73d1c419468474c2f78e179bca5f028dd239
964d7efcb24830feb942c28e2e39bc8df6ad5ecdeb95beb65fd7949a179a6108

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/global/plugins.bundle.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:35 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:34 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 2266209
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/daterange/css/daterangepicker.css

103.106.20.186

200 OK

8.4 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/daterange/css/daterangepicker.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text
Size
8.4 kB (8419 bytes)
Hash
daecadc51840a5b3f1272673c3f36ab0
8d77a4d2944ac15f65ea1e066ab179a051eb7228
952339a4d493d1ab1a96d8f9793cae923b391868c1e7dc17082108b51d2dfbd3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/daterange/css/daterangepicker.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 8419
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/typeahedphoto/css/typeahedphoto.css

103.106.20.186

200 OK

2.9 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/typeahedphoto/css/typeahedphoto.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
assembler source, ASCII text, with CRLF line terminators
Size
2.9 kB (2894 bytes)
Hash
55f61356da08532029f366bbb032f253
9595061b6094f894a472fa689fa841cf624b266c
9edd7beea95a1896ec059c8989398b813eeac5ecbd3b36a15ec3efd8804878c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/typeahedphoto/css/typeahedphoto.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 2894
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/jasny-bootstrap/dist/css/jasny-bootstrap.min.css

103.106.20.186

200 OK

20 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/jasny-bootstrap/dist/css/jasny-bootstrap.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text
Size
20 kB (19930 bytes)
Hash
2caed11f9caf4b213723d7352cc24207
2dce34a7d262392b70854f7bf1fba3680bfe79ea
aa1d3018b0112eef6b7dc04264614ab4f9f3cb2c0d78601e3984b5205651cf23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/jasny-bootstrap/dist/css/jasny-bootstrap.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 19930
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/jasny-bootstrap/dist/css/jasny_custom.css

103.106.20.186

200 OK

12 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/jasny-bootstrap/dist/css/jasny_custom.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
assembler source, ASCII text, with CRLF line terminators
Size
12 kB (11887 bytes)
Hash
9fd4b61e16415a64819fbc7f119a7c08
dcb4002007b815790ee7d8b1353572962392d93d
9a8607d393ffc13930002af337c8e2ed03a252c5410fa7efaf3cae9c4bfab4ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/jasny-bootstrap/dist/css/jasny_custom.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 11887
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/switch/css/bootstrap-switch.min.css

103.106.20.186

200 OK

5.6 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/switch/css/bootstrap-switch.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (5348)
Size
5.6 kB (5612 bytes)
Hash
17fc6e5330ede6f875a0736479b7f362
2ebe558e7530c76abbde30c840d8e478d3ee6618
b23dea9114d920bf0a7dfe5f493d535f4105f6512649f1608cdbee8b0d82579c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/switch/css/bootstrap-switch.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 5612
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/switch/css/switchery.min.css

103.106.20.186

200 OK

682 B

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/switch/css/switchery.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
3d5c5f2d195cad6c3658bec52095df6b
31db624af9fdc9411c1457353cb2d0e018a73fc7
da426bd59d02d72e73d239e1aff982bb8e89dd1e94b9dfaa0901c0dfd8b5798a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/switch/css/switchery.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 682
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/switch/css/switch.css

103.106.20.186

200 OK

2.5 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/switch/css/switch.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text
Size
2.5 kB (2510 bytes)
Hash
347ddd1b697a27438345b3166a0a16d4
3dc9a6bd58f6bdf773d700697935f7ebfb91cfa4
af97e4fc442cdf8ae7740c14169136f7b6bcd2ba9a98847d20a0561c4ba31ee3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/switch/css/switch.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 2510
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/wow_animation/animate.css

103.106.20.186

200 OK

57 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/wow_animation/animate.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (22247), with CRLF line terminators
Size
57 kB (56614 bytes)
Hash
caf73cf2dd64cceff640564221501c57
2ec95a73ab136033e62d11d982877c9e2caa4377
2291596a68c03339664c003c2d41a3e4c22f4908ae6d412976b57d5703f11810

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/wow_animation/animate.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 56614
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/jquery_ui/css/jquery-ui.min.css

103.106.20.186

200 OK

32 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/jquery_ui/css/jquery-ui.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (29137), with CRLF line terminators
Size
32 kB (32082 bytes)
Hash
215077014154308be415e1181a14646f
8366128e32a0fd429eb64d6aeaa0dca535a8be27
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/jquery_ui/css/jquery-ui.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:38 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 32082
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/customizer/css/customizer.css

103.106.20.186

200 OK

37 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/customizer/css/customizer.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
37 kB (37153 bytes)
Hash
c3f95d7e5be3eba71397b017e0522c4b
e64867a742f49234729bc22c72bbb107363d26be
97f2b93a534cc034e6b00dbe0352abbfd1b64ad63bc084c230189cde8daeaeb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/customizer/css/customizer.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:39 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 37153
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/bootstrap-selectpicker/css/bootstrap-select.min.css

103.106.20.186

200 OK

12 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/bootstrap-selectpicker/css/bootstrap-select.min.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (11584), with CRLF line terminators
Size
12 kB (11830 bytes)
Hash
bfb1a0055a13bf33488dceb5d74fa3bd
6fa3d28e6d6b6c7f00b61a9208a0453467d6c6ee
3e438de1a23d25d3a59be3c4bb6d38615f02558efe66db987fb938ad7d24b58c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/bootstrap-selectpicker/css/bootstrap-select.min.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:39 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 11830
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/css/custom.css

103.106.20.186

200 OK

130 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/css/custom.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (1013), with CRLF line terminators
Size
130 kB (130471 bytes)
Hash
aeb6215d96f2ccac06d6f47b157777e8
0a59c1b00aa234d5a274c2fc7b17dd34e7a45960
73dd6e052af09ecd250d20649c9b80825ec264780a95acf61a75fc1e204d8769

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/custom.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:39 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 130471
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/toggle_switch/toggle_switch.css

103.106.20.186

200 OK

7.6 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/toggle_switch/toggle_switch.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
7.6 kB (7626 bytes)
Hash
0a946290382a3142f41d2395cec21860
280f1bc9b4791a610fe933dfb7c8c47a3d57c045
ccbfff5041b4f426040123b3be95997ca379b4ecb703739a8def95c3d235f95e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/toggle_switch/toggle_switch.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:39 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 7626
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/fonts/roboto/roboto.css

103.106.20.186

200 OK

14 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/fonts/roboto/roboto.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with CRLF line terminators
Size
14 kB (13831 bytes)
Hash
5ae241a11f5526e66123a9e87729c5cf
f7964a880bb3bb304648aeefa6be769dea6bb214
37974820a7da4d487a2af5a8c33556c00f79bb247ea7c9ead520be97b80107fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/fonts/roboto/roboto.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:39 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 13831
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/plugins/virtual_keyboard/virtual_keyboard.js

103.106.20.186

200 OK

4.3 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/plugins/virtual_keyboard/virtual_keyboard.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
4.3 kB (4255 bytes)
Hash
5e88608587b0ea35885e10f4aae532aa
47f4b1bb2a9ff1d1f429a5b6c59872748bdda63e
21af39a99024949a53d1e17e2e808fbd147b0fe44cb68f5ed08f18d647d2e054

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/plugins/virtual_keyboard/virtual_keyboard.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:44 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 4255
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/customjs/common.js

103.106.20.186

200 OK

55 kB

URL GET HTTP/1.1
103.106.20.186:9007/customjs/common.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
55 kB (55382 bytes)
Hash
20a1dca43c4a6c850741f4d3afc5394c
dbc5527bb4480e195b172f41e7fb694354bc2d14
15fa451d5478ddf60f4f3511910c957672bfb0d6b29e0d2280ed297c26cd5e01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /customjs/common.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:44 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Tue, 16 Apr 2024 07:44:14 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 55382
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/customjs/signup/jsencrypt.js

103.106.20.186

200 OK

207 kB

URL GET HTTP/1.1
103.106.20.186:9007/customjs/signup/jsencrypt.js
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JavaScript source, ASCII text, with very long lines (21722)
Size
207 kB (206591 bytes)
Hash
5eeb0c1de86fc513fe606cacbdc53fcc
3989fd14f92f7f39037e2526eb416ddb563cd334
5c8e2940f84e9728e587a38628231f97f7d07f2fe0b4a96c2721dfaadc5874c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /customjs/signup/jsencrypt.js HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:44 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Tue, 08 Aug 2023 13:28:44 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/javascript
Content-length: 206591
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/plugins/global/plugins.bundle.css

103.106.20.186

200 OK

704 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/plugins/global/plugins.bundle.css
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
ASCII text, with very long lines (65536), with no line terminators
Size
704 kB (704065 bytes)
Hash
ff35aaa3417a54e6e5557a7285d83551
d69e6303c34d3283e9df4439d539a24affec8401
8b4cc2246e44c1264661cf15562c4cb708c5145c7e383872b395adfa7e492d6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/global/plugins.bundle.css HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/assets/custom/css/imports_plain.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:44 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:34 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: text/css
Content-length: 704065
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/images/logo.jpg

103.106.20.186

200 OK

30 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/images/logo.jpg
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 253x84, components 3
Size
30 kB (30417 bytes)
Hash
c2ce48668c7022e8f1de7ef82fc0a85b
94ef5a39015ec47b102910b4e6913465eccee7e2
02c24fc7f0df39e6f73ebba05381f09d79be39f3a8cefb3f14b38f878ef84125

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/images/logo.jpg HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: image/jpeg
Content-length: 30417
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/images/full_logo.png

103.106.20.186

200 OK

55 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/images/full_logo.png
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2020:04:29 15:14:02], baseline, precision 8, 562x60, components 3
Size
55 kB (54810 bytes)
Hash
694ee05de50dc3cb357f8d9e3a4c7cac
5ccd0834d1b1be35b0a75de7774b7dc34620e8ee
82fe9d6cdc754e820460a7fcc1a11d54a714d992a3f2d606b355ecb27febe33d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/images/full_logo.png HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: image/png
Content-length: 54810
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/images/favicon.ico

103.106.20.186

200 OK

15 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/images/favicon.ico
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
be3a4564257717a878bcb4d53cc4fbfb
9679372edde68d41c50d952dfaafdac3116b9f57
f455f39991dfc9ba9a958a2e44f472e20c74dca1d44a2a8f8a2084525f13c57e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/images/favicon.ico HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: image/x-icon
Content-length: 15406
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

103.106.20.186

200 OK

16 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://103.106.20.186:9007/assets/custom/fonts/roboto/roboto.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: font/woff2
Content-length: 15920
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2

103.106.20.186

200 OK

16 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/fonts/roboto/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://103.106.20.186:9007/assets/custom/fonts/roboto/roboto.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: font/woff2
Content-length: 15744
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

103.106.20.186

200 OK

16 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/fonts/roboto/fonts/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://103.106.20.186:9007/assets/custom/fonts/roboto/roboto.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:24 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: font/woff2
Content-length: 15860
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/custom/images/background10.jpg

103.106.20.186

200 OK

556 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/custom/images/background10.jpg
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1280, components 3
Size
556 kB (556077 bytes)
Hash
ebb37eb34a0e52cefda0113c3a59c928
c56bee81eba20014fa7a372a1a61f18647a0b691
b3f8022378c834a106740086a74ea09c129f5a6468ae23f9b6767e85c47072c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/images/background10.jpg HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:26 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: image/jpeg
Content-length: 556077
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/assets/plugins/global/fonts/@fortawesome/fa-solid-900.woff2

103.106.20.186

200 OK

150 kB

URL GET HTTP/1.1
103.106.20.186:9007/assets/plugins/global/fonts/@fortawesome/fa-solid-900.woff2
IP
103.106.20.186:9007
ASN
#137085 Ani Broadband Service Pvt Ltd

Requested by
http://103.106.20.186:9007/login

File type
Web Open Font Format (Version 2), TrueType, length 150516, version 770.768
Size
150 kB (150516 bytes)
Hash
328a9d0f59f0ebb55cddac6f39995bea
c0e6e76b4a02c34656ff2a41b671e02f2821829b
8f06540fd77f1effe1e2da8ea10cec4a382dda9cc6ef05d816e1d6de444072f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/global/fonts/@fortawesome/fa-solid-900.woff2 HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://103.106.20.186:9007/assets/plugins/global/plugins.bundle.css
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Fri, 10 May 2024 10:37:45 GMT
Access-control-allow-methods: POST, GET
X-frame-options: DENY
Access-control-allow-origin: SAMEORIGIN
X-content-type-options: nosniff
Strict-transport-security: max-age=31536000; includeSubDomains
X-xss-protection: 1; mode=block
Referrer-policy: strict-origin-when-cross-origin
X-dns-prefetch-control: off
Access-control-max-age: 3600
Content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://kccbl.s3.ap-south-1.amazonaws.com; img-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data: blob:; font-src 'self' https://kccbl.s3.ap-south-1.amazonaws.com data:; frame-ancestors 'none'; script-src 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'self' https://kendo.cdn.telerik.com https://uat.billdesk.com/ https://124.124.19.53:446/ https://uatkalupur.northakross.in https://kccbl.s3.ap-south-1.amazonaws.com;
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Last-modified: Fri, 03 May 2024 04:51:34 GMT
Cache-control: max-age=1296000
Accept-ranges: bytes
Content-type: font/woff2
Content-length: 150516
Via: 1.1 https-efive
Proxy-agent: Oracle-iPlanet-Web-Server/7.0

103.106.20.186:9007/resourse/common/pageopen

0.0.0.0

0 B

URL POST
103.106.20.186:9007/resourse/common/pageopen
IP
0.0.0.0:0
ASN
#0

Requested by
http://103.106.20.186:9007/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /resourse/common/pageopen HTTP/1.1
Host: 103.106.20.186:9007
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://103.106.20.186:9007/login
Content-Type: application/json
X-CSRF-TOKEN: 1fKbaW1liZP9M9vetCe3NpSj8oapB_31PO1ryNZvpf_8bKMwtJb_CghVv6LQUrjq0QqDA_CQ3-eRM57YDdhb8LIJls_PW5BT
systemdata: {"osName":"Linux x86_64","browserLanguage":"en-US","ScreenSize":"1024x1280","viewportSize":"1024x1280","BrowserVersion":"96.0","browserVendor":"","devicePixelRatio":1,"colorDepth":24,"cookieEnabled":true,"os":"Linux","appVersion":"5.0 (X11)","Ram":"undefined","touchSupport":false,"hostUrl":"103.106.20.186"}
X-Requested-With: XMLHttpRequest
Content-Length: 4
Origin: http://103.106.20.186:9007
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=AFCC0C468CF867A99059AB0E6101E928
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML