Report - 79.127.72.74/

Report Overview

Submitted URL
79.127.72.74/
IP
79.127.72.74
ASN
#43754 Asiatech Data Transmission company
Submitted
2024-05-08 22:46:05
Access
public
Website Title
AX1500 Wi-Fi 6 Router
Final URL
79.127.72.74/webpages/index.html?t=9cfe5630
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
126

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-05-06	366 B	326 B	54.230.111.70
79.127.72.74	unknown	unknown	No data	No data	32 kB	3.0 MB	79.127.72.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed
2024-05-08	medium	79.127.72.74	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	79.127.72.74/webpages/js/su/char.js?t=9cfe5630	3.8 kB	2023-03-14	2024-05-17
Pretty URL 79.127.72.74/webpages/js/su/char.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 04:54:29 Last Seen2024-05-17 23:52:39 Times Seen124 Hash 492a8b26dc4ceee50242d80e4949efff cb78326c06ccc0ab873e0365d90b3a93abd7ff66 5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5 Loading...

	unknown	43 B	2023-04-11	2024-05-17
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:28:09 Last Seen2024-05-17 23:41:01 Times Seen469 Hash 434bc8c272edb231952c0acb7a2db4a6 e3f0fe0b7e9ebb3721d459b631f2906a60abee35 5cbb70acd21edb087a379b31b59e25d0e22d3ff63025301a9e5a7aa85db3a2dd Loading...

	unknown	47 B	2023-04-11	2024-05-17
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:28:09 Last Seen2024-05-17 23:41:02 Times Seen694 Hash f571e193123574fbfc54ef01d306e4a5 b26418b8dceddcc07b277d20a0b134aee13f26a4 e5f9b0b80aa74e2a3999f6ad1df65b5c4c440760091ae28f1c2418c5aa624756 Loading...

	79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630	37 kB	2023-03-08	2024-05-18
Pretty URL 79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:31:18 Last Seen2024-05-18 00:10:51 Times Seen259 Hash 242f7a6460d88d62952bc73f3fdee691 679c50b118801a48f13ab4a0e06c00370d48d719 fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8 Loading...

	79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630	4.4 kB	2023-12-17	2024-05-12
Pretty URL 79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 18:03:40 Last Seen2024-05-12 01:58:51 Times Seen23 Hash d00eae87038ac4282e14bfcdb0ef0b57 c69e3d6e47eef916b0c9f4c81d8eb11b4614942e 2972016a868ddd898f77ad9eb30e1df4e6dcdc1db3f48483ff75e52a8b75b3fd Loading...

	79.127.72.74/webpages/index.html?t=9cfe5630	0 B	2023-03-07	2024-05-20
Pretty URL 79.127.72.74/webpages/index.html?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 01:43:46 Times Seen37850609 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	40 B	2023-05-22	2024-05-17
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-05-22 00:00:07 Last Seen2024-05-17 23:41:02 Times Seen74 Hash 4c6fd32498b1432717a481dcb9acd905 fc1247def993e85ff0d8cf3c3ddb546afb9e40a4 6911f475cd1d920f0a4b98b349a0d6faba70afa7f658cb820360f5874c8262c4 Loading...

	79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630	3.1 kB	2023-10-31	2024-05-17
Pretty URL 79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 22:18:50 Last Seen2024-05-17 23:52:39 Times Seen164 Hash 7c7d50597056d7447cbd2e9d674a4923 58a7c5b7a8529cfb4a940f267523711c6c31bf72 f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e Loading...

	79.127.72.74/webpages/js/su/language.js?t=9cfe5630	1.8 kB	2024-05-03	2024-05-12
Pretty URL 79.127.72.74/webpages/js/su/language.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 10:11:24 Last Seen2024-05-12 01:58:51 Times Seen14 Hash 09cc2c95d86f6c689ed557c675d27ea5 2929f18f65cbaaddc21f62a185a55675ba8d1806 7ae8ab0dfd8de0a16214c37009269ac0dc617b602276595156d2960fc4c182af Loading...

	79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630	93 kB	2023-03-07	2024-05-18
Pretty URL 79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:50:44 Last Seen2024-05-18 00:10:51 Times Seen336 Hash 00ff34b67a328f219fa3ae2423d4f252 19715ffee604b54e95a0e9db76f6de2b5125c29e dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1 Loading...

	79.127.72.74/webpages/js/su/frame.js?t=9cfe5630	645 kB	2024-05-03	2024-05-10
Pretty URL 79.127.72.74/webpages/js/su/frame.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 10:11:24 Last Seen2024-05-10 23:25:05 Times Seen12 Hash 71d0a0253608892f25cbdb57235d9955 0797a6dd125fc839e3aef79fd055b9b39a54501d 6f4b0b7db77d225b4b2c6d8d2c25de19e351a43eadfb460e006fe63526456db3 Loading...

	79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630	19 kB	2023-12-06	2024-05-17
Pretty URL 79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 04:16:42 Last Seen2024-05-17 23:41:02 Times Seen59 Hash 725ad30a9b43310ed26f3993ce020b45 3e8015359679df906e9c5cbf6f80b338a8564193 14638370ba54a7005d12d5ff62c3cfb4914b7e910c85f1ad646698185f252341 Loading...

	79.127.72.74/webpages/js/app/url.js?t=9cfe5630	323 B	2023-11-08	2024-05-17
Pretty URL 79.127.72.74/webpages/js/app/url.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 02:33:12 Last Seen2024-05-17 23:52:39 Times Seen100 Hash 6e7925ced5dc121458d9a719972e5ea9 6de4445680d6cb123fef1bc9add4f5de78c48d3a 30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187 Loading...

	79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630	1.5 kB	2023-10-31	2024-05-17
Pretty URL 79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630 IP 79.127.72.74 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 22:18:50 Last Seen2024-05-17 23:52:39 Times Seen164 Hash 4f993937854b67c2c8ce9819786133af 32b493527dc9a3af145de5420371d5559fc7a919 e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62 Loading...

		Size	First Seen	Last Seen
	#1 Eval - fa1fc2a23d6d372f4db730e4fac97ddd	2.8 kB	2024-05-07	2024-05-10
Pretty Observations First Seen2024-05-07 23:29:34 Last Seen2024-05-10 23:25:05 Times Seen4 Hash fa1fc2a23d6d372f4db730e4fac97ddd a0cb7381fdb85f9d7128e27a2d905a74d8bd6582 f557c83fe2c4f7fb1629071aa73943739a6b5c4ee87fe87237689e260c0675b9 Loading...

	#2 Eval - dfaed4a67cb643c125a4c7abb855a735	7.6 kB	2024-05-09	2024-05-10
Pretty Observations First Seen2024-05-09 00:46:12 Last Seen2024-05-10 23:25:05 Times Seen3 Hash dfaed4a67cb643c125a4c7abb855a735 4ce5c62147df186315d6ac6d900962dd7f81ed58 88590914500209ace6ed663208362038816aa65404266f5239d0a7967ffb2168 Loading...

	#3 Eval - 50e9b58277a07add6d10883682dd4735	684 B	2023-11-08	2024-05-17
Pretty Observations First Seen2023-11-08 02:33:12 Last Seen2024-05-17 23:41:02 Times Seen19 Hash 50e9b58277a07add6d10883682dd4735 e9140afd17f2f3e8e345fa8f4c5de1cb9ccd78c3 a72634a5582d81f400ae66d3ed0fbc164f486e1571a688d92c89611468ca938b Loading...

	#4 Eval - 0afdd3470383b70528738296d529b5a4	18 kB	2023-12-17	2024-05-17
Pretty Observations First Seen2023-12-17 18:03:40 Last Seen2024-05-17 23:41:02 Times Seen20 Hash 0afdd3470383b70528738296d529b5a4 4eb3bc63f267a93cc6a6129077e146a170f90474 59c697bcb48861c9e083c0052beae725fb2d32c796dbd1a71de66567b464297d Loading...

	#5 Eval - a56dfd757136adcd2831005fd8b861a4	4.9 kB	2024-01-03	2024-05-17
Pretty Observations First Seen2024-01-03 04:28:00 Last Seen2024-05-17 23:41:02 Times Seen11 Hash a56dfd757136adcd2831005fd8b861a4 570c6f6d756ced08e0ba7f8b8c9dc058e4520fbc caa79f44c98798b32ac05e5689f4027d274a8f664765388b3958ae6997fb0059 Loading...

	#6 Eval - 5bfb585379aa132b88d30c8c87eff188	1.1 kB	2023-11-08	2024-05-17
Pretty Observations First Seen2023-11-08 02:33:12 Last Seen2024-05-17 23:41:02 Times Seen15 Hash 5bfb585379aa132b88d30c8c87eff188 f93ec16e324b47b638263af14eee5b5c62f16200 b94d6a1450f2bcf68ed93db7d8270a9bb538db3da0f17b6f51b681294042b369 Loading...

	#7 Eval - 14194013a35e0e94ed04ca31b21d5f76	1.4 kB	2023-11-08	2024-05-17
Pretty Observations First Seen2023-11-08 02:33:12 Last Seen2024-05-17 23:41:02 Times Seen20 Hash 14194013a35e0e94ed04ca31b21d5f76 72814d910b131bae2991574ce9be0f8bdec1fb7f a01735c84fd28a717c28d0119ea60824d4dcf90942732f6a682ff4a103bb6dfc Loading...

	#8 Eval - 39f7556e1a697154428a32bf1d63c292	146 kB	2024-05-09	2024-05-10
Pretty Observations First Seen2024-05-09 00:46:13 Last Seen2024-05-10 23:25:05 Times Seen3 Hash 39f7556e1a697154428a32bf1d63c292 cd8b0b5d09864c05a834b8e4259b1b91ff0c9c80 b7c507c7da6e80d24fdd648daac51c3354d2f2d1e7d857e547ea4640761b44f8 Loading...

	#9 Eval - ac73c8f8d796d1c8e7bcb8ff283899cc	6.3 kB	2024-01-03	2024-05-17
Pretty Observations First Seen2024-01-03 04:28:00 Last Seen2024-05-17 23:41:02 Times Seen12 Hash ac73c8f8d796d1c8e7bcb8ff283899cc 517208082c1a9c5fc25a14fa277966a57477432e f0a1612336e7bac9cd0c108c570c35611de911b901af68ac9371368314b2f36c Loading...

HTTP Transactions (64)

URL IP Response Size

mitmdetection.services.mozilla.com/

54.230.111.70

0 B

URL
mitmdetection.services.mozilla.com/
IP
54.230.111.70:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
date: Wed, 08 May 2024 22:45:40 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ew6tKBxT6MHJU1_B_Y4L1i4oyqxKUQoEgyFer84pfL0g375I092FkA==
X-Firefox-Spdy: h2

79.127.72.74/

79.127.72.74

272 B

URL
79.127.72.74/
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
XML 1.0 document, ASCII text
Size
272 B (272 bytes)
Hash
bf09f1ff72ee7a91714816f78a2fd976
dc5404c9571e34c3f637a4ca3082212d4fd4d89a
a0e089d1aca81cbe85313ac63b02086d5067eb0424bfa57c56b037314ccbd18a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "30b-110-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:40 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 272

79.127.72.74/webpages/index.html

79.127.72.74

3.3 kB

URL
79.127.72.74/webpages/index.html
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document, ASCII text
Size
3.3 kB (3250 bytes)
Hash
513fc64077750ba6e9c5b0c1da3befec
216d4a19ea0f6521849d9c30e68cb70276f38302
3280522cea1f4e66881cf4e0badc99d7b6d11d1b6944c98d447df0b3ddf9009c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/index.html HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "367-cb2-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:41 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 3250

79.127.72.74/webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630

79.127.72.74

200 OK

1.7 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1712), with no line terminators
Size
1.7 kB (1712 bytes)
Hash
2266db0e4804abc5551b10758d96d9ab
00aa0d250bcc5bb3962b8b597107c0eb14a80208
48b73d75d4d603b31f1c5e538603615adaf8143019776a7ec00248026bb62946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "35e-6b0-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 1712

79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630

79.127.72.74

200 OK

3.1 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (3124), with no line terminators
Size
3.1 kB (3124 bytes)
Hash
7c7d50597056d7447cbd2e9d674a4923
58a7c5b7a8529cfb4a940f267523711c6c31bf72
f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "475-c34-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3124

79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630

79.127.72.74

200 OK

93 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32099)
Size
93 kB (93026 bytes)
Hash
00ff34b67a328f219fa3ae2423d4f252
19715ffee604b54e95a0e9db76f6de2b5125c29e
dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.min.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "473-16b62-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 93026

79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630

79.127.72.74

200 OK

1.5 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1511), with no line terminators
Size
1.5 kB (1511 bytes)
Hash
4f993937854b67c2c8ce9819786133af
32b493527dc9a3af145de5420371d5559fc7a919
e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/base64.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "474-5e7-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1511

79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630

79.127.72.74

200 OK

254 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
254 kB (254162 bytes)
Hash
fd7b696eba21f55cdf751e31ea7bfc91
116e313976d823e86c881045cd9b501ef474b6c7
dea562f989f32844b8bc5a15f62a7bccd55ff4fb59f4814b2f41de8bf72a6b8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/base.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "363-3e0d2-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 254162

79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630

79.127.72.74

200 OK

19 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (18681), with no line terminators
Size
19 kB (18681 bytes)
Hash
725ad30a9b43310ed26f3993ce020b45
3e8015359679df906e9c5cbf6f80b338a8564193
14638370ba54a7005d12d5ff62c3cfb4914b7e910c85f1ad646698185f252341

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/encrypt.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "472-48f9-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18681

79.127.72.74/webpages/js/app/url.js?t=9cfe5630

79.127.72.74

200 OK

323 B

URL GET HTTP/1.1
79.127.72.74/webpages/js/app/url.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (323), with no line terminators
Size
323 B (323 bytes)
Hash
6e7925ced5dc121458d9a719972e5ea9
6de4445680d6cb123fef1bc9add4f5de78c48d3a
30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/app/url.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47b-143-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 323

79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630

79.127.72.74

200 OK

4.4 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (4448), with no line terminators
Size
4.4 kB (4448 bytes)
Hash
d00eae87038ac4282e14bfcdb0ef0b57
c69e3d6e47eef916b0c9f4c81d8eb11b4614942e
2972016a868ddd898f77ad9eb30e1df4e6dcdc1db3f48483ff75e52a8b75b3fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/tpEncrypt.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "478-1160-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 4448

79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630

79.127.72.74

200 OK

37 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (37061), with no line terminators
Size
37 kB (37061 bytes)
Hash
242f7a6460d88d62952bc73f3fdee691
679c50b118801a48f13ab4a0e06c00370d48d719
fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/cryptoJS.min.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47a-90c5-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:42 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 37061

79.127.72.74/webpages/js/su/char.js?t=9cfe5630

79.127.72.74

200 OK

3.8 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/char.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (3828), with no line terminators
Size
3.8 kB (3828 bytes)
Hash
492a8b26dc4ceee50242d80e4949efff
cb78326c06ccc0ab873e0365d90b3a93abd7ff66
5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/char.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46f-ef4-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:43 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3828

79.127.72.74/webpages/js/su/language.js?t=9cfe5630

79.127.72.74

200 OK

1.8 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/language.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text, with very long lines (1827), with no line terminators
Size
1.8 kB (1827 bytes)
Hash
09cc2c95d86f6c689ed557c675d27ea5
2929f18f65cbaaddc21f62a185a55675ba8d1806
7ae8ab0dfd8de0a16214c37009269ac0dc617b602276595156d2960fc4c182af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/language.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46c-723-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:43 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1827

79.127.72.74/webpages/js/su/frame.js?t=9cfe5630

79.127.72.74

200 OK

645 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/frame.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
Size
645 kB (645172 bytes)
Hash
71d0a0253608892f25cbdb57235d9955
0797a6dd125fc839e3aef79fd055b9b39a54501d
6f4b0b7db77d225b4b2c6d8d2c25de19e351a43eadfb460e006fe63526456db3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/frame.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46d-9d834-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:43 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 645172

79.127.72.74/webpages/locale/en_US/lan.js?_=1715208343568

79.127.72.74

146 kB

URL
79.127.72.74/webpages/locale/en_US/lan.js?_=1715208343568
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 text, with very long lines (65514), with no line terminators
Size
146 kB (146527 bytes)
Hash
f5e83aa2654b17ea5019f3a70cd38544
1823a8648b49d1427b94d00529637efbabdcb288
2470287d8786548d5ab83e20662e15b7e98331b80c3422a15481746f9ca91fe4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/en_US/lan.js?_=1715208343568 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4ce-23c5f-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:44 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 146527

79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang&operation=read

79.127.72.74

200 OK

446 B

URL GET HTTP/1.1
79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang&operation=read
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with CRLF line terminators
Size
446 B (446 bytes)
Hash
8fff42d734a046d2450dfb6453f8b3c6
1aff33fbe5a2e20ccc6381391a7c9f1f47242fc5
ed9599a898c5022058f115e43676f78441de2c3c84c59a85af860a6dab4501ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-bin/luci/;stok=/locale?form=lang&operation=read HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

79.127.72.74/webpages/locale/en_US/help.js?_=1715208343569

79.127.72.74

0 B

URL
79.127.72.74/webpages/locale/en_US/help.js?_=1715208343569
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/en_US/help.js?_=1715208343569 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4cd-0-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:45 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 0

79.127.72.74/webpages/locale/language.js?_=1715208343570

79.127.72.74

2.8 kB

URL
79.127.72.74/webpages/locale/language.js?_=1715208343570
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 text, with very long lines (2725), with no line terminators
Size
2.8 kB (2808 bytes)
Hash
4058a0d31cf5bcb37009d68a7485e201
a2a9cd3faeaef2f5ea8493c32dd5994f5adb3073
16a9d8da4d41b9fa60fb3691abfb39d7b029153893ed9b4b649121181a065636

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/language.js?_=1715208343570 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "48f-af8-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:46 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 2808

79.127.72.74/webpages/index.html?t=9cfe5630

79.127.72.74

200 OK

3.3 kB

URL User Request GET HTTP/1.1
79.127.72.74/webpages/index.html?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text
Size
3.3 kB (3250 bytes)
Hash
513fc64077750ba6e9c5b0c1da3befec
216d4a19ea0f6521849d9c30e68cb70276f38302
3280522cea1f4e66881cf4e0badc99d7b6d11d1b6944c98d447df0b3ddf9009c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/index.html?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "367-cb2-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:46 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 3250

79.127.72.74/webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630

79.127.72.74

200 OK

1.7 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1712), with no line terminators
Size
1.7 kB (1712 bytes)
Hash
2266db0e4804abc5551b10758d96d9ab
00aa0d250bcc5bb3962b8b597107c0eb14a80208
48b73d75d4d603b31f1c5e538603615adaf8143019776a7ec00248026bb62946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/perfect-scrollbar.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "35e-6b0-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:47 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 1712

79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630

79.127.72.74

200 OK

1.5 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/base64.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1511), with no line terminators
Size
1.5 kB (1511 bytes)
Hash
4f993937854b67c2c8ce9819786133af
32b493527dc9a3af145de5420371d5559fc7a919
e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/base64.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "474-5e7-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:47 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1511

79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630

79.127.72.74

200 OK

254 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
254 kB (254162 bytes)
Hash
fd7b696eba21f55cdf751e31ea7bfc91
116e313976d823e86c881045cd9b501ef474b6c7
dea562f989f32844b8bc5a15f62a7bccd55ff4fb59f4814b2f41de8bf72a6b8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/base.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "363-3e0d2-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:47 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 254162

79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630

79.127.72.74

200 OK

3.1 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (3124), with no line terminators
Size
3.1 kB (3124 bytes)
Hash
7c7d50597056d7447cbd2e9d674a4923
58a7c5b7a8529cfb4a940f267523711c6c31bf72
f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.backgroundSize.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "475-c34-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3124

79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630

79.127.72.74

200 OK

93 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/jquery.min.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32099)
Size
93 kB (93026 bytes)
Hash
00ff34b67a328f219fa3ae2423d4f252
19715ffee604b54e95a0e9db76f6de2b5125c29e
dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.min.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "473-16b62-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:47 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 93026

79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630

79.127.72.74

200 OK

4.4 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/tpEncrypt.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (4448), with no line terminators
Size
4.4 kB (4448 bytes)
Hash
d00eae87038ac4282e14bfcdb0ef0b57
c69e3d6e47eef916b0c9f4c81d8eb11b4614942e
2972016a868ddd898f77ad9eb30e1df4e6dcdc1db3f48483ff75e52a8b75b3fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/tpEncrypt.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "478-1160-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 4448

79.127.72.74/webpages/js/app/url.js?t=9cfe5630

79.127.72.74

200 OK

323 B

URL GET HTTP/1.1
79.127.72.74/webpages/js/app/url.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (323), with no line terminators
Size
323 B (323 bytes)
Hash
6e7925ced5dc121458d9a719972e5ea9
6de4445680d6cb123fef1bc9add4f5de78c48d3a
30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/app/url.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47b-143-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 323

79.127.72.74/webpages/js/su/language.js?t=9cfe5630

79.127.72.74

200 OK

1.8 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/language.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text, with very long lines (1827), with no line terminators
Size
1.8 kB (1827 bytes)
Hash
09cc2c95d86f6c689ed557c675d27ea5
2929f18f65cbaaddc21f62a185a55675ba8d1806
7ae8ab0dfd8de0a16214c37009269ac0dc617b602276595156d2960fc4c182af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/language.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46c-723-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1827

79.127.72.74/webpages/js/su/char.js?t=9cfe5630

79.127.72.74

200 OK

3.8 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/char.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (3828), with no line terminators
Size
3.8 kB (3828 bytes)
Hash
492a8b26dc4ceee50242d80e4949efff
cb78326c06ccc0ab873e0365d90b3a93abd7ff66
5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/char.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46f-ef4-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3828

79.127.72.74/webpages/js/su/frame.js?t=9cfe5630

79.127.72.74

200 OK

645 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/su/frame.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
Size
645 kB (645172 bytes)
Hash
71d0a0253608892f25cbdb57235d9955
0797a6dd125fc839e3aef79fd055b9b39a54501d
6f4b0b7db77d225b4b2c6d8d2c25de19e351a43eadfb460e006fe63526456db3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/frame.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46d-9d834-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 645172

79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630

79.127.72.74

200 OK

19 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (18681), with no line terminators
Size
19 kB (18681 bytes)
Hash
725ad30a9b43310ed26f3993ce020b45
3e8015359679df906e9c5cbf6f80b338a8564193
14638370ba54a7005d12d5ff62c3cfb4914b7e910c85f1ad646698185f252341

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/encrypt.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "472-48f9-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:50 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18681

79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630

79.127.72.74

200 OK

37 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/cryptoJS.min.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (37061), with no line terminators
Size
37 kB (37061 bytes)
Hash
242f7a6460d88d62952bc73f3fdee691
679c50b118801a48f13ab4a0e06c00370d48d719
fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/cryptoJS.min.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47a-90c5-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:51 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 37061

79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang&operation=read

79.127.72.74

200 OK

147 kB

URL GET HTTP/1.1
79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang&operation=read
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (65514), with no line terminators
Size
147 kB (146663 bytes)
Hash
23b9217388dc1cc8b79ef8ff45ca4d48
0f301986221e5d100af9311be28dd678ccc4024a
f4bb65373abc16b193570087fab1fe6affa98bbea367a9fd8422d0d5a176aad6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-bin/luci/;stok=/locale?form=lang&operation=read HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

79.127.72.74/webpages/locale/en_US/help.js?_=1715208348883

79.127.72.74

200 OK

0 B

URL GET HTTP/1.1
79.127.72.74/webpages/locale/en_US/help.js?_=1715208348883
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/en_US/help.js?_=1715208348883 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4cd-0-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:53 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 0

79.127.72.74/webpages/locale/en_US/lan.css?t=9cfe5630

79.127.72.74

200 OK

310 B

URL GET HTTP/1.1
79.127.72.74/webpages/locale/en_US/lan.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with CRLF line terminators
Size
310 B (310 bytes)
Hash
07562aa0bc9bcb2a235795a97df793f9
ff56c70c1c83f30d54375e873a85f169780a99ed
bdd3ec8634d113797b19ec9139cb78e3097cb12d772e5703ab207da77543800d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/en_US/lan.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4cc-136-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:53 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 310

79.127.72.74/webpages/locale/language.js?_=1715208348884

79.127.72.74

200 OK

2.8 kB

URL GET HTTP/1.1
79.127.72.74/webpages/locale/language.js?_=1715208348884
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (2725), with no line terminators
Size
2.8 kB (2808 bytes)
Hash
4058a0d31cf5bcb37009d68a7485e201
a2a9cd3faeaef2f5ea8493c32dd5994f5adb3073
16a9d8da4d41b9fa60fb3691abfb39d7b029153893ed9b4b649121181a065636

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/language.js?_=1715208348884 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "48f-af8-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:53 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 2808

79.127.72.74/webpages/config/models.json?t=9cfe5630

79.127.72.74

200 OK

35 kB

URL GET HTTP/1.1
79.127.72.74/webpages/config/models.json?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JSON text data
Size
35 kB (34981 bytes)
Hash
c3a1d0b4222c209a22197b5e8474e456
a7c1acd961d173199ab48d5d22041d7440063d14
f9e7cbae44da0ed08fc36ea6acca5ba721de45b8530a7de2f8b977308e59a6c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/config/models.json?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47d-88a5-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:54 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 34981

79.127.72.74/webpages/config/modules.json?t=9cfe5630

79.127.72.74

200 OK

27 kB

URL GET HTTP/1.1
79.127.72.74/webpages/config/modules.json?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JSON text data
Size
27 kB (27332 bytes)
Hash
fe4fa0708f7eba96927b119b0dd16442
724f647fb2463c8c6f94d4b4879951af44973a0d
1f472c0e1350f0a76fa69e5f3b90c15149a63bc853a5ab728099581cdf63d5e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/config/modules.json?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "482-6ac4-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:54 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 27332

79.127.72.74/webpages/config/src.js?t=9cfe5630

79.127.72.74

200 OK

684 B

URL GET HTTP/1.1
79.127.72.74/webpages/config/src.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (684), with no line terminators
Size
684 B (684 bytes)
Hash
50e9b58277a07add6d10883682dd4735
e9140afd17f2f3e8e345fa8f4c5de1cb9ccd78c3
a72634a5582d81f400ae66d3ed0fbc164f486e1571a688d92c89611468ca938b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/config/src.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "480-2ac-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:55 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 684

79.127.72.74/webpages/themes/default/css/total.css?t=9cfe5630

79.127.72.74

200 OK

109 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/css/total.css?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108874 bytes)
Hash
0ca8117f8db17eaa067a916ef038affe
e7edc4f972c3dc126e23bd731e1f0367e350dd5a
f57d6d576a3e84ee84176a4f5f04c94ca05805f108b360bd0c21ab9c5449442a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/total.css?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "35f-1a94a-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:55 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 108874

79.127.72.74/webpages/themes/default/img/replace/favicon.ico?t=9cfe5630

79.127.72.74

200 OK

4.3 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/img/replace/favicon.ico?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
0129caee4c71a24ff426411f703a3340
a1106d808174a4a8720285bdb309240487add806
ccbe82f2728d077626c836cd7048c6628238675179e2fd66fb56853763322446

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/img/replace/favicon.ico?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "990-10be-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:56 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 4286

79.127.72.74/cgi-bin/luci/;stok=/locale?form=country

79.127.72.74

200 OK

1.3 kB

URL POST HTTP/1.1
79.127.72.74/cgi-bin/luci/;stok=/locale?form=country
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
New Line Delimited JSON text data
Size
1.3 kB (1252 bytes)
Hash
a688c56f474dd78f768346eb350c0a3c
9039ed03c774de0d15a69205ce6c40641ffac39a
5c315e77c343268560a788933d9a38c3d58fb63ff88dfe1b9dd31c40ae6b5d81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/locale?form=country HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang

79.127.72.74

200 OK

432 B

URL POST HTTP/1.1
79.127.72.74/cgi-bin/luci/;stok=/locale?form=lang
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
New Line Delimited JSON text data
Size
432 B (432 bytes)
Hash
48b57b1b87245502b58857d0f6952142
9144545056a9cd85183a98872df820d13f9fadb3
ac57ed5028feb292e51b1ee4d576b50607feffd84b3f9a2fca894141bb1d7f54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/locale?form=lang HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

79.127.72.74/webpages/modules/main/main.js?t=9cfe5630

79.127.72.74

200 OK

6.3 kB

URL GET HTTP/1.1
79.127.72.74/webpages/modules/main/main.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (6281), with no line terminators
Size
6.3 kB (6281 bytes)
Hash
ac73c8f8d796d1c8e7bcb8ff283899cc
517208082c1a9c5fc25a14fa277966a57477432e
f0a1612336e7bac9cd0c108c570c35611de911b901af68ac9371368314b2f36c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/main/main.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "447-1889-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:57 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 6281

79.127.72.74/webpages/modules/main/main.html?t=9cfe5630

79.127.72.74

200 OK

2.4 kB

URL GET HTTP/1.1
79.127.72.74/webpages/modules/main/main.html?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
exported SGML document, ASCII text, with CRLF line terminators
Size
2.4 kB (2404 bytes)
Hash
623aab89472013ecb3b0cf4d458ed019
54951ff567507d522ec3963e65ed3104db32ea96
1bcc420e32582285479d7314a272b38ac9c84ec28d2be683c9ff497a0aa65a5b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/main/main.html?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "446-964-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:58 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/html
Content-Length: 2404

79.127.72.74/webpages/themes/default/img/replace/tp_logo_white.png?t=9cfe5630

79.127.72.74

200 OK

1.4 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/img/replace/tp_logo_white.png?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
PNG image data, 288 x 108, 8-bit colormap, non-interlaced
Size
1.4 kB (1377 bytes)
Hash
02af645f3a16d1e3730ba6ca59e4cfb2
d7a017d23b483e76974b1d2c542fd2c547b87e4f
375412e2bf2a21696bdefa37ad271210882fa8e99d316baf54a059f19574e8c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/img/replace/tp_logo_white.png?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "992-561-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:59 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: image/png
Content-Length: 1377

79.127.72.74/webpages/themes/default/img/splash.jpg?t=9cfe5630

79.127.72.74

200 OK

45 kB

URL GET HTTP/1.1
79.127.72.74/webpages/themes/default/img/splash.jpg?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2018:01:16 17:36:34], baseline, precision 8, 1366x769, components 3
Size
45 kB (45269 bytes)
Hash
4453768665cc385ef6c854d75b8dec24
b3ac0ccfaaaed35d8286fc9ee6b8df7a1f924932
c4e8c4e58d5fc192484415e52669863862404c2c593506375341279ffcc6c73f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/img/splash.jpg?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "316-b0d5-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:58 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: image/jpeg
Content-Length: 45269

79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630

79.127.72.74

200 OK

13 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/encrypt.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (13051), with no line terminators
Size
13 kB (13051 bytes)
Hash
8d086850a3acf67d18b65264b27acd8f
1134ca97fe2dad55ae9349f1a6988bfcf5a0496d
c21cc0d2d504626e1743fe7a64f3533d29e02682cec57ebdb85a9a9f04a87d76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/encrypt.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "472-48f9-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:48 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18681

79.127.72.74/webpages/modules/login/models.js?t=9cfe5630

79.127.72.74

200 OK

1.1 kB

URL GET HTTP/1.1
79.127.72.74/webpages/modules/login/models.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1129), with no line terminators
Size
1.1 kB (1129 bytes)
Hash
5bfb585379aa132b88d30c8c87eff188
f93ec16e324b47b638263af14eee5b5c62f16200
b94d6a1450f2bcf68ed93db7d8270a9bb538db3da0f17b6f51b681294042b369

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/models.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "37c-469-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:59 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1129

79.127.72.74/webpages/modules/login/view.html?t=9cfe5630

79.127.72.74

200 OK

6.0 kB

URL GET HTTP/1.1
79.127.72.74/webpages/modules/login/view.html?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with CRLF line terminators
Size
6.0 kB (5956 bytes)
Hash
a892d7bf1fb2bd0ccf6fb92d5e553d8a
df4ed10b97c3717da4afaecee0d2408fa305b5ed
d4635fdc44a90ed668bacd29fd0bd0c9dfcf4900534525f0dedf5b9010764409

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/view.html?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "37d-1744-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:59 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/html
Content-Length: 5956

79.127.72.74/webpages/js/libs/perfect-scrollbar.min.js?t=9cfe5630

79.127.72.74

200 OK

18 kB

URL GET HTTP/1.1
79.127.72.74/webpages/js/libs/perfect-scrollbar.min.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (17945)
Size
18 kB (18020 bytes)
Hash
0afdd3470383b70528738296d529b5a4
4eb3bc63f267a93cc6a6129077e146a170f90474
59c697bcb48861c9e083c0052beae725fb2d32c796dbd1a71de66567b464297d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/perfect-scrollbar.min.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "470-4664-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18020

79.127.72.74/webpages/themes/default/img/spriteImages/png/sprite.total.png?t=9cfe5630

79.127.72.74

96 kB

URL GET
79.127.72.74/webpages/themes/default/img/spriteImages/png/sprite.total.png?t=9cfe5630
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type
PNG image data, 930 x 897, 8-bit colormap, non-interlaced
Size
96 kB (95668 bytes)
Hash
1e126f47631acd32e1cceb53daef30a6
57e64419c28a6053d885eb9fbbc802579731c946
8a334e76d0bc407e6e3e2efb6275779893ade8f901f07636580325af46065c07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/img/spriteImages/png/sprite.total.png?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "341-175b4-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: image/png
Content-Length: 95668

79.127.72.74/webpages/themes/default/img/loading.gif?t=9cfe5630

79.127.72.74

11 kB

URL GET
79.127.72.74/webpages/themes/default/img/loading.gif?t=9cfe5630
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type
GIF image data, version 89a, 38 x 39
Size
11 kB (11241 bytes)
Hash
eb2215bfcdccd10613b172f081793a3a
86c2184d99f782a733ae2f5a543f4b67cb2ee118
5767cce26e31148633ae4803bb80b82691380d1bf7e66e80fdcedee817420064

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/img/loading.gif?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/themes/default/css/base.css?t=9cfe5630
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "32a-2be9-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:01 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: image/gif
Content-Length: 11241

79.127.72.74/webpages/modules/login/localLogin/controllers.js?t=9cfe5630

79.127.72.74

7.6 kB

URL GET
79.127.72.74/webpages/modules/login/localLogin/controllers.js?t=9cfe5630
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type
JavaScript source, ASCII text, with very long lines (7587), with no line terminators
Size
7.6 kB (7587 bytes)
Hash
dfaed4a67cb643c125a4c7abb855a735
4ce5c62147df186315d6ac6d900962dd7f81ed58
88590914500209ace6ed663208362038816aa65404266f5239d0a7967ffb2168

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/localLogin/controllers.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "36e-1da3-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:01 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 7587

79.127.72.74/webpages/modules/login/localLogin/models.js?t=9cfe5630

79.127.72.74

1.4 kB

URL
79.127.72.74/webpages/modules/login/localLogin/models.js?t=9cfe5630
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (1393), with no line terminators
Size
1.4 kB (1393 bytes)
Hash
14194013a35e0e94ed04ca31b21d5f76
72814d910b131bae2991574ce9be0f8bdec1fb7f
a01735c84fd28a717c28d0119ea60824d4dcf90942732f6a682ff4a103bb6dfc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/localLogin/models.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "36f-571-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:01 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1393

79.127.72.74/webpages/modules/login/localLogin/view.html?t=9cfe5630

79.127.72.74

4.8 kB

URL
79.127.72.74/webpages/modules/login/localLogin/view.html?t=9cfe5630
IP
79.127.72.74:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with CRLF line terminators
Size
4.8 kB (4792 bytes)
Hash
2e63d4558fd4dff9bea079c157c8b3b4
bc54d5e530fc97185edb30334cccd7975e5408c3
10c085b93d73715212fe3c06f46402bf791e4e9343b3927a0bf36f4f86a24989

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/localLogin/view.html?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "370-12b8-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:46:01 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/html
Content-Length: 4792

79.127.72.74/cgi-bin/luci/;stok=/login?form=check_factory_default

0.0.0.0

0 B

URL POST
79.127.72.74/cgi-bin/luci/;stok=/login?form=check_factory_default
IP
0.0.0.0:0
ASN
#0

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/login?form=check_factory_default HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

79.127.72.74/webpages/locale/en_US/lan.js?_=1715208348882

79.127.72.74

200 OK

146 kB

URL GET HTTP/1.1
79.127.72.74/webpages/locale/en_US/lan.js?_=1715208348882
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type

Size
146 kB (146527 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/en_US/lan.js?_=1715208348882 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4ce-23c5f-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:52 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 146527

79.127.72.74/cgi-bin/luci/;stok=/domain_login?form=dlogin

0.0.0.0

0 B

URL POST
79.127.72.74/cgi-bin/luci/;stok=/domain_login?form=dlogin
IP
0.0.0.0:0
ASN
#0

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/domain_login?form=dlogin HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

79.127.72.74/webpages/modules/login/controllers.js?t=9cfe5630

79.127.72.74

200 OK

4.9 kB

URL GET HTTP/1.1
79.127.72.74/webpages/modules/login/controllers.js?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (5047), with no line terminators
Size
4.9 kB (4859 bytes)
Hash
242cd32192d5208590568260962b27aa
ba10ecf98f9cdc623423d16521159f4d5a863585
12e336a2a426fe79a24b0155bb738e6bb32cbe9a2b70f7e4c79f95a1d308d482

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/modules/login/controllers.js?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "376-12fb-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:59 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 4859

79.127.72.74/cgi-bin/luci/;stok=/login?form=get_firmware_info

0.0.0.0

0 B

URL POST
79.127.72.74/cgi-bin/luci/;stok=/login?form=get_firmware_info
IP
0.0.0.0:0
ASN
#0

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/login?form=get_firmware_info HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

79.127.72.74/cgi-bin/luci/;stok=/locale?form=list

79.127.72.74

200 OK

817 B

URL POST HTTP/1.1
79.127.72.74/cgi-bin/luci/;stok=/locale?form=list
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1013), with no line terminators
Size
817 B (817 bytes)
Hash
41487d2e09c516404eeb99788fca81fd
326129ea1280353ee58d93284b06238ea6921089
3b042df30b7510e561601e33940f286904d2118af9e239a3f0ba2160e29faad7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi-bin/luci/;stok=/locale?form=list HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

79.127.72.74/webpages/config/device.json?t=9cfe5630

79.127.72.74

200 OK

1.1 kB

URL POST HTTP/1.1
79.127.72.74/webpages/config/device.json?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JSON text data
Size
1.1 kB (1114 bytes)
Hash
21dda8869bca5edefef492cb3a5b7785
7e9458545754f3b137909bca0bad288a560c35f6
25175af42d7117c5f08afa998f14e2c09a69cfb4ea26600d2f30acd5e0b6234d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /webpages/config/device.json?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Origin: https://79.127.72.74
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Connection: close
ETag: "481-45a-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:56 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 1114

79.127.72.74/webpages/config/classes.json?t=9cfe5630

79.127.72.74

200 OK

296 B

URL GET HTTP/1.1
79.127.72.74/webpages/config/classes.json?t=9cfe5630
IP
79.127.72.74:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://79.127.72.74/webpages/index.html?t=9cfe5630
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint10:56:46:32:26:31:77:36:8C:AB:B7:7A:7B:9E:93:E0:2D:C4:1F:E8
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JSON text data
Size
296 B (296 bytes)
Hash
3dc7d6809337552201b6162b1561882b
1bfc14057a3e3957f71fa6a3e488ff00c83a38f5
8d6884ddcd4332b7da92aac49b840987e9ad8f8d303962bd1cff8109fc5d9906

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/config/classes.json?t=9cfe5630 HTTP/1.1
Host: 79.127.72.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://79.127.72.74/webpages/index.html?t=9cfe5630
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "47f-128-62fa252f"
Last-Modified: Mon, 15 Aug 2022 10:51:27 GMT
Date: Wed, 08 May 2024 22:45:57 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 296

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash