87.245.16.139:8080/styles/firefox.css
87.245.16.139 200 OK 1.4 kB URL GET HTTP/1.0 87.245.16.139:8080/styles/firefox.css
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type gzip compressed data, max compression, from NTFS filesystem (NT)
Hash 1b636d9b8e09ff8f9d8a93c7b4f2194f
d4796dd8f630275646a5bf2a0a4109cc8148ad1b
ee4af53ca616a8fe4489aaa5e20fb4b956fa0df3b99df8105ea06e3462b1bd26
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /styles/firefox.css HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75231:3406601"
Last-Modified: Tue, 19 Dec 2006 07:27:46 GMT
Content-Encoding: gzip
Content-Type: text/css
Connection: close
87.245.16.139:8080/favicon.ico
87.245.16.139 404 The page cannot be found 1.3 kB URL GET HTTP/1.0 87.245.16.139:8080/favicon.ico
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type HTML document, ASCII text, with very long lines (1297), with no line terminators
Hash 49e9d21085ca7386352c6b49ec5771ab
e3b186ff025359bdfa7eb2cd8aeb018d8314d064
071d3c9c848e876074b4119db80f082040123be38687f3e059154f7f7f06f226
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 404 The page cannot be found
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
Content-Length: 422
Content-Type: text/html
Connection: close
87.245.16.139:8080/images/help.png
87.245.16.139 200 OK 2.1 kB URL GET HTTP/1.0 87.245.16.139:8080/images/help.png
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Hash 35885cc7ec0f17d655874d95a01d19eb
9b401dc5d6b6565e3b23d8333606ccd5aff95c42
f17478096920fbf6c6cb6dbf2bf62fe901e481a4e67ea066359f4773f1ecc519
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/help.png HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75221:4694601"
Last-Modified: Sat, 09 Dec 2006 11:02:26 GMT
Content-Type: image/png
Connection: close
87.245.16.139:8080/images/chromebg.gif
87.245.16.139 200 OK 111 B URL GET HTTP/1.0 87.245.16.139:8080/images/chromebg.gif
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type GIF image data, version 89a, 3 x 50
Hash 829fa527bc00837efeca31ad94c6958e
c3b5904d4a9ed7f4f119fe5b1c2ce40db3e0d813
1ec18e463f6cc3d48ce8c7bc10d6fab53f5bbcd742d50d37ce1c4c3b4ecdaaec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/chromebg.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/styles/all.css
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "74918:8526001"
Last-Modified: Thu, 09 Feb 2006 21:41:00 GMT
Content-Type: image/gif
Connection: close
87.245.16.139:8080/styles/all.css
87.245.16.139 200 OK 18 kB URL GET HTTP/1.0 87.245.16.139:8080/styles/all.css
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type ASCII text, with CRLF line terminators
Hash 65ecdd522879f1a8191d5debd119fd8d
3a5dc72f5604eee5aefe24b0bf43f572f7c372a5
2a375b4a357fe315204ffb58aa4f05a7657bbfebac174d05877febb5f575a68c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /styles/all.css HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75313:55201"
Last-Modified: Sat, 10 Mar 2007 22:09:12 GMT
Content-Type: text/css
Connection: close
87.245.16.139:8080/images/heading.png
87.245.16.139 200 OK 2.8 kB URL GET HTTP/1.0 87.245.16.139:8080/images/heading.png
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type PNG image data, 50 x 58, 8-bit colormap, non-interlaced
Hash 5c2b6b94cb2406488ed499c3cb0690e6
27dceabc00fa7a51a70559169509cac2a4e03381
95c6484053398763b6523ea408d1e7d1be1932483d7d1b3684bf392edf69112f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/heading.png HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75187:7650801"
Last-Modified: Sun, 05 Nov 2006 19:15:08 GMT
Content-Type: image/png
Connection: close
87.245.16.139:8080/images/ab_flag.gif
87.245.16.139 200 OK 1.4 kB URL GET HTTP/1.0 87.245.16.139:8080/images/ab_flag.gif
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type GIF image data, version 89a, 75 x 50
Hash fcb9580b1904e847e95dda4628525513
c351ec77aef7639b62f0e13954b2a05dd2216e86
57bf781614150cf68bb8d1b343561e172ffc73275555d96ee0a5565fdd9d5aff
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/ab_flag.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75248:8052001"
Last-Modified: Fri, 05 Jan 2007 20:22:00 GMT
Content-Type: image/gif
Connection: close
87.245.16.139:8080/images/chromedivider.gif
87.245.16.139 200 OK 79 B URL GET HTTP/1.0 87.245.16.139:8080/images/chromedivider.gif
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type GIF image data, version 89a, 2 x 50
Hash d7cf2e570fa65eeaf3c3d8fca89d3fa2
5c9074378ffe78b0a84e31c5eace6f0b61bf9462
30f9fe651e278db1b4bf2eb0664e9c17cba861bbe933a0bb50a872ae3c77b724
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/chromedivider.gif HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/styles/all.css
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "74918:8526001"
Last-Modified: Thu, 09 Feb 2006 21:41:00 GMT
Content-Type: image/gif
Connection: close
87.245.16.139 200 OK 3.7 kB URL User Request GET HTTP/1.0
IP 87.245.16.139:8080
File type HTML document, ASCII text, with very long lines (4136), with no line terminators
Hash fc378da5138f4e0d5629212eae693091
f0d2f85c9845a31aad54ed89dd279297e684b045
74761c547875930a896743ed4a23bfa12dd3a9d9345f77a438c2b2abbcb1f026
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:09 GMT
Server: NetTalk-WebServer/4.17
Expires: Mon, 08 May 2023 06:09:09 GMT
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: SESSIONID=134701077
Connection: close
87.245.16.139:8080/scripts/all.js
87.245.16.139 200 OK 192 kB URL GET HTTP/1.0 87.245.16.139:8080/scripts/all.js
IP 87.245.16.139:8080
Requested by http://87.245.16.139:8080/
File type JavaScript source, ASCII text, with very long lines (2054), with CRLF line terminators
Size 192 kB (191736 bytes)
Hash 50048d060d1e98e1814043bd5e7538f3
f719a2f4a4d7046e88eaf0dcd2ab8f9b6fdf3709
545b6c8934e24bc9a56a83c0ae19e7f699608ea6dff3baa94b7fcfc2ba21e432
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /scripts/all.js HTTP/1.1
Host: 87.245.16.139:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://87.245.16.139:8080/
Cookie: SESSIONID=134701077
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Date: Tue, 07 May 2024 06:09:10 GMT
Server: NetTalk-WebServer/4.17
ETag: "75241:5327601"
Last-Modified: Fri, 29 Dec 2006 12:47:56 GMT
Content-Type: application/x-javascript
Connection: close