| | 176.53.182.224 | 200 OK | 7.4 kB |
URL: User Request GET HTTP/1.1
IP: 176.53.182.224:80
File type: HTML document, Unicode text, UTF-8 text, with very long lines (8660)
Hash: 69861a8d030b1ba0f210633dba4412ab bbc134c69a1453c58a175b73914b99df1a770ddb c0583c5c050b122dbd29d3cfb04eb62a0f471bf8b077b535506971dc8d7cbe97
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7364
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=9ae62ed218dd12d0454bfba24d5f0b3d; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=tr1moO%2FTNXEY7wnOC9abUbOOsVy0RtPkCRbGxPGMFVVlxeDokDNU1PA%2Bu1WhrJgN6qCecv%2FcBIhg6e8n%2BBEg%2FuwTDHG23JP0LQnPr7r6jzPRIPwvCx8xib5R9FK6m%2F4T; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=9ae62ed218dd12d0454bfba24d5f0b3d; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=9ae62ed218dd12d0454bfba24d5f0b3d; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=9ae62ed218dd12d0454bfba24d5f0b3d; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-SkhmQjhsWks4K1BUQVRWV1hrSEx5RWxMT2xvOFBaY1hIQllyWEdRSGYrND06ZGh5Z3dTY3pvY2poYjNFQ0tSdjZqeGtLWEFsMVovRllXbUlBUGs5K0tZYz0=' blob:;script-src-elem 'strict-dynamic' 'nonce-SkhmQjhsWks4K1BUQVRWV1hrSEx5RWxMT2xvOFBaY1hIQllyWEdRSGYrND06ZGh5Z3dTY3pvY2poYjNFQ0tSdjZqeGtLWEFsMVovRllXbUlBUGs5K0tZYz0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self' data:;child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self'
X-Request-Id: CSb34JyQcu1QVciNTqjr
Feature-Policy: autoplay 'self';camera 'self';fullscreen 'self';geolocation 'none';microphone 'self';payment 'none'
Content-Encoding: gzip
| 176.53.182.224/core/css/server.css?v=645af867-2 | 176.53.182.224 | 200 OK | 18 kB |
URL: GET HTTP/1.1 176.53.182.224/core/css/server.css?v=645af867-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 44bb643120cbc3de830778739643bd22 64492a07b8aeac3b1534e0d7ea31c4c7064e75e2 22c14e4534050165b8e732349abe6dffcc0117c3cd0c3c77db08f498e6e78792
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core/css/server.css?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/css
Content-Length: 17744
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:37:57 GMT
ETag: "1e87f-60e95063860b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/apps/theming/css/default.css?v=70e2b24f-2 | 176.53.182.224 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/css/default.css?v=70e2b24f-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: 485aacf91a51624e18e3664da03caca3 bdf91e41f20fc1a74b2e0a9a640ec3e97ada302b 5fd2654c13b7630e23273fbcb2fb67c41dd095aea426e258460c70f1cd5ca70e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/css/default.css?v=70e2b24f-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/css
Content-Length: 1229
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:37:53 GMT
ETag: "ebe-60e9505fd0ce7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/custom_apps/integration_gitlab/css/gitlab-search.css?v=93dc1ecd-2 | 176.53.182.224 | 200 OK | 159 B |
URL: GET HTTP/1.1 176.53.182.224/custom_apps/integration_gitlab/css/gitlab-search.css?v=93dc1ecd-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: 68da4fd13f681ff3a4bea5dff7132887 cadeb2efe982e3487b7e078e12779088afceb8fe 0fc6b190b721731863a5f7fec9f2f7dcec8c03fa2fb805b6d62767f637c2f565
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /custom_apps/integration_gitlab/css/gitlab-search.css?v=93dc1ecd-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/css
Content-Length: 159
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Apr 2024 11:40:55 GMT
ETag: "eb-615a8652525a0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/core/css/guest.css?v=645af867-2 | 176.53.182.224 | 200 OK | 4.6 kB |
URL: GET HTTP/1.1 176.53.182.224/core/css/guest.css?v=645af867-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (15599)
Hash: 54593932730e6d3fc6596d54506279c8 d032fc5fa641802017ec94e3badb1f591e0ca407 f72d4662bcd8917fd01d6ce71dddc22a4d5ddc1df150c594222692a0380d2815
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core/css/guest.css?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/css
Content-Length: 4565
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:37:57 GMT
ETag: "4039-60e950637f354-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/apps/theming/js/theming.js?v=645af867-2 | 176.53.182.224 | 200 OK | 60 B |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/js/theming.js?v=645af867-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: 44b0d37d24a2e33ca0b64b50f83cfd6a 1c09d10dcabf2c8fac03ea3b56852ca3feb58cb0 ec4e73e49bca3f6e523c3dfd66e58fa157c81c4da5eb3fa0ceaa589ba8dc0785
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/js/theming.js?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/javascript
Content-Length: 60
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:37:54 GMT
ETag: "3c-60e950605a813"
Accept-Ranges: bytes
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/dist/core-login.js?v=645af867-2 | 176.53.182.224 | 200 OK | 47 kB |
URL: GET HTTP/1.1 176.53.182.224/dist/core-login.js?v=645af867-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65454)
Hash: 125543163623d9190a6a0408ee7d6ece e92a933a79c7055629d4b05d3acc8a47e4aaa855 e4e61196c5f8030ac6dedb3c7615ea45d3e5589cae36e798a3086a233ef8ce89
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /dist/core-login.js?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/javascript
Content-Length: 46771
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:38:02 GMT
ETag: "23241-60e950683e137-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/apps/theming/theme/default.css?plain=1&v=da4b9237 | 176.53.182.224 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/default.css?plain=1&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (3316), with no line terminators
Hash: 1c6d7d63f032b3bbdd12ad32f62e4ff7 d96cce6c9160044582034506f8c6c5883ca87155 ced9647f0948329797f70ce239953e2a0112ad9af641d48001df911eea3f3c65
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/default.css?plain=1&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1102
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=08fe7dec26467fdef3038925d6f49cbc; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=p3%2Fz%2BMbpypFQ1hkmIAR4gzKw0F%2Bh2W67MY6TBJzJG%2FVnwNEOtzghvxzfN4LO9hpyFiUDfGxxy5DkKVUfAyRaJm8jJygdXmQmTExCvxI1cymI%2BwLdEAH1nMvGU%2Br%2B6dC%2F; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=08fe7dec26467fdef3038925d6f49cbc; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=08fe7dec26467fdef3038925d6f49cbc; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: idG6xnW56OrSRCIjMV8B
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/light.css?plain=1&v=da4b9237 | 176.53.182.224 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/light.css?plain=1&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (3316), with no line terminators
Hash: 1c6d7d63f032b3bbdd12ad32f62e4ff7 d96cce6c9160044582034506f8c6c5883ca87155 ced9647f0948329797f70ce239953e2a0112ad9af641d48001df911eea3f3c65
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light.css?plain=1&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1102
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=2514f233c7d09e8280f2bb5d22fe4ff7; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=G96CdT9L5Gg26eFoMHw0LjI%2BwDFknkG2Obwbv4i%2FpEEiiwwLVbMhjIYQ30XQlwuvMqbXyw0sLKrKKbz8TKF1L1R%2Fbjo2lBAFhMdDvAVWO5nXAmW%2F2lO%2BahYxOC2wzQC4; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=2514f233c7d09e8280f2bb5d22fe4ff7; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=2514f233c7d09e8280f2bb5d22fe4ff7; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: 5OSkG9CiK6WFqKheUP2N
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/light.css?plain=0&v=da4b9237 | 176.53.182.224 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/light.css?plain=0&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: 5dc5ef66c5f8c110d02e7612fdf0f245 fa32e764fbb8da2e7010b050a99ccf11ed97a61e 6d477eb1c33c809a6f75eb164cc487e7c896b8540180241049d5b8bbcd913e1a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light.css?plain=0&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1126
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=996723a49d7434e189f3fdf7ff1cf439; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=zH7IEi5ndeOPh6XLDhTzwFazUaRRg13%2F0WaA5aMwiUlNaJe3qVjYWsqDXYWD1cSJVD84W140q8n8qsLae5lI97UjhnerDYdDZ7udNR11H6jCV0zdpEnTHi%2BMieLd%2BNoV; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=996723a49d7434e189f3fdf7ff1cf439; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=996723a49d7434e189f3fdf7ff1cf439; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: nZxFMsyZ54RtCXwAHPUQ
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/dark.css?plain=0&v=da4b9237 | 176.53.182.224 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/dark.css?plain=0&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: d3765c152462754173e12e17272638dd 44ffe81d57bbdc18de3a4d3bb34765178140849e 38133acce81b0f41d7d497e37e429631ee137c60d53f57a4c0758c21fa377eaa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark.css?plain=0&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1108
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=d9df2f40d155a8205c814314509e8f3c; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=qz%2FO4%2Fbi%2FSoobM2jMxBptu4%2F%2BT0%2BiguvbxmTIBm8g%2BrKUBk9B%2Fo32g5cTV%2FZO%2BQnwLeLovnTn5wKRvwlqYhkQlbDCeAvFnvy%2BgSsV6hM88rzFRKC7vhsCV1IlnKzpwEk; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=d9df2f40d155a8205c814314509e8f3c; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=d9df2f40d155a8205c814314509e8f3c; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: AGqiGZvGtEkaWRHWG92k
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/dist/icons.css | 176.53.182.224 | 200 OK | 31 kB |
URL: GET HTTP/1.1 176.53.182.224/dist/icons.css
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (1612)
Hash: c45140effc728b83729c2648fadf47df 59da0e1dc996e5c7ac49fb9dc275216370cce973 49d4427485c8a3de6a23ea9e101d9a00668b29d47179656756917ed00826613b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /dist/icons.css HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css
Content-Length: 30567
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:38:02 GMT
ETag: "3558d-60e95068a78bf-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463
| 176.53.182.224/apps/theming/theme/light-highcontrast.css?plain=0&v=da4b9237 | 176.53.182.224 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/light-highcontrast.css?plain=0&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: cc9bf0e102b653828d23e446c7f7fd62 215aac9d4a0ef7039b8309e0ad8bccbb82ee6631 bd507c4056f5aee7af1e3877140e0b25a2b4a4bedc83610d071193f7555bf294
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light-highcontrast.css?plain=0&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1175
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=df4116f6a86c3a046aa3a42d2e962f91; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=3XD%2Bv9lBCG3ZLHAujQVndj6JWYRDhlOvxo8vnHer9Dn6zT2mKPR7V8eEK%2F8DrUT6dxoIyN33m31pcgt89G2uy5%2F6RB%2FO2ixPCntHf1idCvHR6o8pSeTGL6FvcOv8CS9d; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=df4116f6a86c3a046aa3a42d2e962f91; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=df4116f6a86c3a046aa3a42d2e962f91; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: GaFDTAkIm9BNQXkb705a
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/dark-highcontrast.css?plain=0&v=da4b9237 | 176.53.182.224 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/dark-highcontrast.css?plain=0&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: 422fe1f6e7fb2877535c48deb0fde5a8 9d73f7fa01f956ff9af26714fb859666fe7898ed f36d193409b895d83196831fc36c5d2ba819c987adeab0fd5c3e5dae5fbf61a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark-highcontrast.css?plain=0&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1192
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=ce0d5f9c53ffd162fb14e4d2d093db57; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=khcZ%2F206Uala2LiGmKCplNNRheoIpdh2LoZxb%2FL4%2BPWxbkI4CGzEqYcjEU%2Bm32J7klHEz1isgjp%2FZV9fxtJMxe0FqaV6zGwvYpOBKEdSu6td8GNifIwuy9x3D8lnK0M6; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=ce0d5f9c53ffd162fb14e4d2d093db57; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=ce0d5f9c53ffd162fb14e4d2d093db57; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: H0lFVldScTle7SiLb7pq
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/opendyslexic.css?plain=0&v=da4b9237 | 176.53.182.224 | 200 OK | 335 B |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/opendyslexic.css?plain=0&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
Hash: f089960b32898903ace728fd7e8df347 c2bf30951fc674103790703045320ac11b801154 2c7dc2e4c6eec5d0530ec5524e10b8653c2f9e0e4d6b97b7082a6ed80d032462
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/opendyslexic.css?plain=0&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 335
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=cc26ed1ad1c9e21639f71e44e2b2b984; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=l%2Fyz8EMWccnp%2FbKjhPngKBJgGqJardlrll1XismMCUQ6cm%2Fim3kkZMYRInLca32Iy3LK5E2xd2PBMDl6xaq2YPkyOV%2BhEQcW8dv5OAGyrUOSJCTOy9qUzXFXWZoxyqm2; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=cc26ed1ad1c9e21639f71e44e2b2b984; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=cc26ed1ad1c9e21639f71e44e2b2b984; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: rdqtDNKzfyg4CbXZbqSI
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/theme/dark.css?plain=1&v=da4b9237 | 176.53.182.224 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 176.53.182.224/apps/theming/theme/dark.css?plain=1&v=da4b9237
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (3261), with no line terminators
Hash: 9c8d9e179de5f8244dbb33c4868d6289 9b1aa0948f9af9a9603ed16f045e6bcc09537a24 91755243a7d2d8ebdb80e17bc4c31691bddaffa77da3018badf21374310780b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark.css?plain=1&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1083
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=39ce0de1ff00871fb3d22aceae34b30a; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=%2FcOWQNYeYq6rOCMNHZDwIuGEsOZ9ndpOrhNG%2BcXLsh6iHNCJDXA5DWwbDUUOnXl8%2BJ3Zz8faTO5qR1mJzSVNt57SbDJGoLLJE4RnFKYoH%2BBaxycUb9S5uXpxxYI7iKZ2; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=39ce0de1ff00871fb3d22aceae34b30a; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=39ce0de1ff00871fb3d22aceae34b30a; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: 3CPq5eFfDvstyxxRLlGn
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/dist/core-main.js?v=645af867-2 | 176.53.182.224 | 200 OK | 279 kB |
URL: GET HTTP/1.1 176.53.182.224/dist/core-main.js?v=645af867-2
IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65459)
Size: 279 kB (278706 bytes)
Hash: b4c4ea6e71b2483910183abbc26037ef 31f4c5ccd1034cb41712e0931b7d3a717d10514e ace3590bd5852cff2e2923320483734917204a5ed5e2508423e0a270eab98d76
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /dist/core-main.js?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:38:02 GMT
ETag: "e6dbf-60e9506846dd7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/apps/theming/theme/light-highcontrast.css?plain=1&v=da4b9237 | 176.53.182.224 | 200 OK | 1.2 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/theme/light-highcontrast.css?plain=1&v=da4b9237 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (3192) | Hash: 2bd91217ff44817361628167ace10ff2 0f68cccdc8254327812ac7120d55c19947498596 d5d14b5893d3e7c89729a178ca5c038f14617e6ec5f63395d53b1bbeaf55f03b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light-highcontrast.css?plain=1&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1151
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=d228b8638d67fd39fa71ea116852ceab; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=4WsukM2%2BRJouIvm2Oj10cBCZ5ylHmYSyL2s09tD%2BApmcck%2BQ0vKV%2BNPFpgltuE1GrV4RLgJbVR4HkoVnurpj9BNugPvL%2FCk%2B3kr84U5Lq6ykRNT6F4G1M2A7FB6NI8Ie; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=d228b8638d67fd39fa71ea116852ceab; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=d228b8638d67fd39fa71ea116852ceab; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: oovODbaPD2yTxAz6pwfQ
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/apps/theming/image/logo?v=2 | 176.53.182.224 | 200 OK | 22 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/image/logo?v=2 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=927, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=2362], baseline, precision 8, 185x73, components 3 | Hash: af673ac0be8ad513ecdfe83bef07461b 4f74f3a30ccc63a0725f0f9f60258d9d0e742844 5fefafb7fe425e32c05d67063a325b97e4a975197171a7eb027eb036c3c91a61
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/image/logo?v=2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: image/jpeg
Content-Length: 21522
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Tue, 07 May 2024 23:25:28 +0000
Cache-Control: private, max-age=3600, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=fc18153e8e58cd15788d1272e4bcf521; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=Qfd1Jy8BQmLvXmlq5zEv0ogl8QpEeziqPnJ7iGnp7CLwn%2F201wW6fQElOCfIfv5ClDjB18FVo5%2FLcVS2S2yJklhkc1q7pf8asqw5YOQIibEXEzk6LOv0dRuEb%2FINYPzr; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=fc18153e8e58cd15788d1272e4bcf521; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=fc18153e8e58cd15788d1272e4bcf521; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-QkcvSGlNRlVyTXhPWGVLV1k4bTdubkdSWW5UTzFvVXZUNnlTaTVUOGgxMD06U0NxQy81QVZsZjhXRWEvTVVhZVE4ajJrTjB5bTVzdDVHTjNDMGY2TDZXND0=' blob:;script-src-elem 'strict-dynamic' 'nonce-QkcvSGlNRlVyTXhPWGVLV1k4bTdubkdSWW5UTzFvVXZUNnlTaTVUOGgxMD06U0NxQy81QVZsZjhXRWEvTVVhZVE4ajJrTjB5bTVzdDVHTjNDMGY2TDZXND0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self' data:;child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self'
X-Request-Id: ykdpCysA9LUoAizYhnR6
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Last-Modified: Wed, 19 Jul 2023 16:37:45 +0000
ETag: "238ac5bdb3cf28cc59aa41fcf1b4c270"
Content-Disposition: attachment; filename="logo"
| 176.53.182.224/apps/theming/img/background/kamil-porembinski-clouds.jpg | 176.53.182.224 | 200 OK | 190 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/img/background/kamil-porembinski-clouds.jpg | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, progressive, precision 8, 3840x2550, components 3 | Size: 190 kB (190294 bytes) | Hash: 93151e886361e075892cb8ea2dae3f3e 452df028f5e02b82d487b41fcd29b74682475796 2f34636d12e5a59e6798cbece88456148131af4ca16946dab87db7ee47d53b4c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/img/background/kamil-porembinski-clouds.jpg HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: image/jpeg
Content-Length: 190294
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:37:54 GMT
ETag: "2e756-60e950603370f"
Accept-Ranges: bytes
Cache-Control: max-age=15778463
| 176.53.182.224/apps/theming/theme/dark-highcontrast.css?plain=1&v=da4b9237 | 176.53.182.224 | 200 OK | 1.2 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/theme/dark-highcontrast.css?plain=1&v=da4b9237 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: ASCII text, with very long lines (3186) | Hash: 324eec51245a8caa6e742697137a3f57 b6183e1b2ead0b9cdb28fb98f8d04f00d22d416e 9cc8df95f0d5726ad96e7e00b105492cbff726ba9a87eb4aa1757549fa342d40
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark-highcontrast.css?plain=1&v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:28 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 1170
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:28 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=ff215fceb8089cb071621fd206f1860b; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=2M38Q%2FtzF3zJBEp14hv3SDfkkfshktytCFTgFfRN9XgGlFLdLuMXNMesq7kXFoTrb46rZXRxOImOFzIMgTDjUYNhkTq4MtCExEx9fMhGYcxJgFwZl6d3fvN%2Bwkc67lnu; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=ff215fceb8089cb071621fd206f1860b; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=ff215fceb8089cb071621fd206f1860b; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: O9QHFukIIbPWHUnVlKLq
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Content-Disposition: inline; filename=""
Vary: Accept-Encoding
Content-Encoding: gzip
| 176.53.182.224/dist/core-common.js?v=645af867-2 | 176.53.182.224 | 200 OK | 841 kB |
URL (GET, HTTP/1.1): 176.53.182.224/dist/core-common.js?v=645af867-2 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65285) | Size: 841 kB (841413 bytes) | Hash: 79f881562e9fb3123cf7aae93309acf9 db43c43f598d4eb868e9526e60bf19d6e16555b0 1a5da877a6c6198971e2e403e4ac398f58f3277b8e3baa9695eb5389d60a3212
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/core-common.js?v=645af867-2 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:38:02 GMT
ETag: "42a2fe-60e95067f3db1-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=15778463, immutable
| 176.53.182.224/core/img/loading-dark.gif | 176.53.182.224 | 200 OK | 4.7 kB |
URL (GET, HTTP/1.1): 176.53.182.224/core/img/loading-dark.gif | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: GIF image data, version 89a, 32 x 32 | Hash: 7446c22d8ed8b7b4641adc5dc30f39d2 1ccb798de57db7a5d8996c3eac5ffc3c6b0c5147 93b795ec06aebf7141dbfb46cf6fa51fb964d2a5c0646303eb135b38d007a0a9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /core/img/loading-dark.gif HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:29 GMT
Content-Type: image/gif
Content-Length: 4683
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 10 Jan 2024 10:38:00 GMT
ETag: "124b-60e95065f4207"
Accept-Ranges: bytes
Cache-Control: max-age=15778463
| 176.53.182.224/apps/theming/favicon?v=da4b9237 | 176.53.182.224 | 200 OK | 90 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/favicon?v=da4b9237 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | Hash: da7530354aaa0e2f975a92f2264379c3 665693c500149a6bc8d3cef8e13515371edf4d72 ba93e3c3ce7d6cb8c9ff7dd30ca153137cc8de9695c41fe41a3ff156f24c851a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/favicon?v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:29 GMT
Content-Type: image/x-icon
Content-Length: 90022
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:29 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=362325b0245be0f27fb5e39f1bcba194; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=etFns0kDvSlGjrgT7y6dBisRsr2nFM78hcY4irhNa1666Gzhnuf4Kleu9mwvzdnIm7b2hjpLAQbOpbkLaMCJpRa%2BQvile%2BqBKywEOlCOASwtScX9x%2FjcsRxbb%2FF8JS8d; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=362325b0245be0f27fb5e39f1bcba194; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=362325b0245be0f27fb5e39f1bcba194; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: KoRB0zDKnqXxmZmVleOp
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Last-Modified: Sun, 04 Feb 2024 02:30:41 +0000
ETag: "618b0e39e2aa3869d44e59b5e7f4ef8e"
Content-Disposition: inline; filename="favIcon-core#0082c9"
| 176.53.182.224/apps/theming/icon?v=da4b9237 | 176.53.182.224 | 200 OK | 119 kB |
URL (GET, HTTP/1.1): 176.53.182.224/apps/theming/icon?v=da4b9237 | IP: 176.53.182.224:80
Requested by: http://176.53.182.224/login
File type: PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | Size: 119 kB (118801 bytes) | Hash: 9ab60bf248b3d27aaa816dad762924d9 2e42f6fa6c0ce105da67076ffa599091f63d2c99 ecbe7cd5a0d391f32c1bb306291bdccb4e3585c5f34f6923c54a02508497920d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/icon?v=da4b9237 HTTP/1.1
Host: 176.53.182.224
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 07 May 2024 22:25:29 GMT
Content-Type: image/png
Content-Length: 118801
Connection: keep-alive
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/8.2.14
Expires: Wed, 08 May 2024 22:25:29 +0000
Cache-Control: private, max-age=86400, must-revalidate
Pragma: no-cache
Set-Cookie: ocmn1qcsiumg=05391854c3e17744d274561f7c24af92; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=FOE6q0l8GDqy%2BrXLPYLSdF6iZ6knB8azWa73%2BLeXPOh2Apf4%2B0f5%2BUlOLDflNcXh1711mA9UEngp6x2LL2cwVmG3Ye9QZssS098ytqKNnWjBxGOXy3CAL6Vbkc9D57Fp; path=/; secure; HttpOnly; SameSite=Lax
ocmn1qcsiumg=05391854c3e17744d274561f7c24af92; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocmn1qcsiumg=05391854c3e17744d274561f7c24af92; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
X-Request-Id: WJ1PcymJaZtrTlZbZpRe
Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
Last-Modified: Mon, 05 Feb 2024 07:32:00 +0000
ETag: "b1e1a320435d7ceaf4b96097c93dd606"
Content-Disposition: inline; filename="touchIcon-core#0082c9"