Report - 212.5.200.222

Report Overview

Submitted URL
212.5.200.222
IP
212.5.200.222
ASN
#6855 Slovak Telekom, a.s.
Submitted
2024-04-26 12:34:18
Access
public
Website Title
IVSWeb 2.0 - Welcome
Final URL
212.5.200.222/new/index.jsp
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
212.5.200.222	unknown	unknown	No data	No data	6.5 kB	608 kB	212.5.200.222

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed
2024-04-26	medium	212.5.200.222	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	212.5.200.222/js/command.js	105 kB	2023-06-04	2024-04-28
Pretty URL 212.5.200.222/js/command.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-04 23:13:36 Last Seen2024-04-28 13:31:39 Times Seen192 Hash c6d853f8092b80b36c3bb4b08c12be56 e0d7219fae1310c531c210b98f67465406e8cf5f eef89bf34fb87a815291933e671ff5cb2ae8eb7fdedca4d1347c23555cbf203e Loading...

	212.5.200.222/js/clientinfo.js	1.6 kB	2023-03-14	2024-04-26
Pretty URL 212.5.200.222/js/clientinfo.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 10:27:40 Last Seen2024-04-26 14:34:25 Times Seen49 Hash fbce6de7da98e03e209056fa6992d8a6 ea9317869db0e991bf41326597c88582b5246f6b 1bbb219fa0209fa21e5625301c98e40c997b6906d18a1b9fbe4e7444776f546f Loading...

	212.5.200.222/js/jquery-1.7.2.min.js	95 kB	2023-03-07	2024-05-06
Pretty URL 212.5.200.222/js/jquery-1.7.2.min.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-05-06 11:16:07 Times Seen13946 Hash b8d64d0bc142b3f670cc0611b0aebcae abcd2ba13348f178b17141b445bc99f1917d47af 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Loading...

	212.5.200.222/js/json_sans_eval.js	8.3 kB	2023-03-07	2024-04-28
Pretty URL 212.5.200.222/js/json_sans_eval.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:35 Last Seen2024-04-28 13:31:39 Times Seen522 Hash 36ff5136abf4856e52e56b0034ee52de 31580de1b6c344cfd00694a78cc464a5a56c10c9 7c7580e4aac9951d8e16f34145d1a13b856ea7afa359818bfb3ea915e083f8b3 Loading...

	212.5.200.222/new/index.jsp	0 B	2023-03-07	2024-05-06
Pretty URL 212.5.200.222/new/index.jsp IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 14:01:16 Times Seen37377918 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	10 B	2023-06-04	2024-04-28
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-04 23:13:36 Last Seen2024-04-28 13:31:39 Times Seen236 Hash 3bdba6405cd32cd8005b8c50648bcbfc eecb03d99ce47ea01362b29d8924e2333e90e4c2 b26bd6c3ccd6687f288f808c5888a95fce2710ca89d63eddefb371eee9bb05e2 Loading...

	212.5.200.222/js/httpconnect.js	3.7 kB	2023-03-07	2024-04-28
Pretty URL 212.5.200.222/js/httpconnect.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:35 Last Seen2024-04-28 13:31:39 Times Seen522 Hash 327725d66a1f6f69eaf77a0c4647db64 d919794aae170c761481571b6207089a3555c827 aec270310d0b4fdb103a491f16d56e0a6b90594861ee88c2197c0a446524258c Loading...

	212.5.200.222/js/pop.js	4.3 kB	2023-03-07	2024-04-26
Pretty URL 212.5.200.222/js/pop.js IP 212.5.200.222 ASN #6855 Slovak Telekom, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15:19 Last Seen2024-04-26 14:34:25 Times Seen98 Hash 901f8f77f0ea0e115b317270774ce473 e261cb39728f92b1552338a39d27548950f5e8d0 47f2ea0fbc95a3a872339099bc69d173333d1d1601963016ab188eaaa57d9e6c Loading...

HTTP Transactions (19)

URL IP Response Size

212.5.200.222/

212.5.200.222

2.3 kB

URL
212.5.200.222/
IP
212.5.200.222:0
ASN
#6855 Slovak Telekom, a.s.

File type
HTML document, ASCII text
Size
2.3 kB (2263 bytes)
Hash
6aa754115ac5307c19094ab19558c95f
90d0466e636a3608b90edcf9fdbe7e138d88edc0
e3df04b6c63fbf3d3825518d82b8784b2e4aab6b6de384b3203313e6aa383c6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2263
Content-Type: text/html;charset=UTF-8
ETag: W/"050E6836043C25F8-index"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/css/login.css

212.5.200.222

200 OK

2.1 kB

URL GET HTTP/1.1
212.5.200.222/css/login.css
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
2.1 kB (2072 bytes)
Hash
ee0851fb7aef840f2d49b735c92ee9f0
bc0f4c09f87951675f08a40023422ca42531ee06
3a74a9ff6c035cae6483e2f64b0e5875f89fc525f9bc9c40ecee4a40a51cf98a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.css HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2072
Content-Type: text/css
ETag: W/"050E6836043C25F8-login"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/httpconnect.js

212.5.200.222

200 OK

3.7 kB

URL GET HTTP/1.1
212.5.200.222/js/httpconnect.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.7 kB (3677 bytes)
Hash
327725d66a1f6f69eaf77a0c4647db64
d919794aae170c761481571b6207089a3555c827
aec270310d0b4fdb103a491f16d56e0a6b90594861ee88c2197c0a446524258c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/httpconnect.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3677
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-httpconnect"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/json_sans_eval.js

212.5.200.222

200 OK

8.3 kB

URL GET HTTP/1.1
212.5.200.222/js/json_sans_eval.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
JavaScript source, ASCII text
Size
8.3 kB (8277 bytes)
Hash
36ff5136abf4856e52e56b0034ee52de
31580de1b6c344cfd00694a78cc464a5a56c10c9
7c7580e4aac9951d8e16f34145d1a13b856ea7afa359818bfb3ea915e083f8b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/json_sans_eval.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 8277
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-json_sans_eval"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/clientinfo.js

212.5.200.222

200 OK

1.6 kB

URL GET HTTP/1.1
212.5.200.222/js/clientinfo.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.6 kB (1638 bytes)
Hash
fbce6de7da98e03e209056fa6992d8a6
ea9317869db0e991bf41326597c88582b5246f6b
1bbb219fa0209fa21e5625301c98e40c997b6906d18a1b9fbe4e7444776f546f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/clientinfo.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-clientinfo"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/command.js

212.5.200.222

200 OK

105 kB

URL GET HTTP/1.1
212.5.200.222/js/command.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with very long lines (395), with CRLF line terminators
Size
105 kB (104688 bytes)
Hash
d59cbc1c694e59836ab032ec314810ef
e90b6ffc1e2546dd1277303dc728c0e202fd5895
29f15cc37329e857fb8d6f0aeb97b022e41315cc6731e8a6494eeb1e10edc428

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/command.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 104688
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-command"
Last-Modified: Fri, 26 Apr 2024 14:33:50 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/new/index.jsp

212.5.200.222

3.3 kB

URL User Request GET
212.5.200.222/new/index.jsp
IP
212.5.200.222:0
ASN
#6855 Slovak Telekom, a.s.

File type
HTML document, ASCII text
Size
3.3 kB (3299 bytes)
Hash
58eb8617a41585d448b15756f3f22009
fd695f50456c10bc181fe096c0fc835a0cb83c16
ed6e3d87b451b0ec5d87fd1f0b3cb2fb00a3661ef7ed11f961655b93e680d5ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/index.jsp HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://212.5.200.222/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3299
Content-Type: text/html;charset=UTF-8
ETag: W/"050E6836043C25F8-index"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/json_sans_eval.js

212.5.200.222

200 OK

8.3 kB

URL GET HTTP/1.1
212.5.200.222/js/json_sans_eval.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
JavaScript source, ASCII text
Size
8.3 kB (8277 bytes)
Hash
36ff5136abf4856e52e56b0034ee52de
31580de1b6c344cfd00694a78cc464a5a56c10c9
7c7580e4aac9951d8e16f34145d1a13b856ea7afa359818bfb3ea915e083f8b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/json_sans_eval.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 8277
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-json_sans_eval"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/clientinfo.js

212.5.200.222

200 OK

1.6 kB

URL GET HTTP/1.1
212.5.200.222/js/clientinfo.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.6 kB (1638 bytes)
Hash
fbce6de7da98e03e209056fa6992d8a6
ea9317869db0e991bf41326597c88582b5246f6b
1bbb219fa0209fa21e5625301c98e40c997b6906d18a1b9fbe4e7444776f546f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/clientinfo.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-clientinfo"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/httpconnect.js

212.5.200.222

200 OK

3.7 kB

URL GET HTTP/1.1
212.5.200.222/js/httpconnect.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.7 kB (3677 bytes)
Hash
327725d66a1f6f69eaf77a0c4647db64
d919794aae170c761481571b6207089a3555c827
aec270310d0b4fdb103a491f16d56e0a6b90594861ee88c2197c0a446524258c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/httpconnect.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3677
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-httpconnect"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/css/login.css

212.5.200.222

200 OK

2.1 kB

URL GET HTTP/1.1
212.5.200.222/css/login.css
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
2.1 kB (2072 bytes)
Hash
ee0851fb7aef840f2d49b735c92ee9f0
bc0f4c09f87951675f08a40023422ca42531ee06
3a74a9ff6c035cae6483e2f64b0e5875f89fc525f9bc9c40ecee4a40a51cf98a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.css HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2072
Content-Type: text/css
ETag: W/"050E6836043C25F8-login"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/pop.js

212.5.200.222

200 OK

4.3 kB

URL GET HTTP/1.1
212.5.200.222/js/pop.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
4.3 kB (4327 bytes)
Hash
901f8f77f0ea0e115b317270774ce473
e261cb39728f92b1552338a39d27548950f5e8d0
47f2ea0fbc95a3a872339099bc69d173333d1d1601963016ab188eaaa57d9e6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/pop.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 4327
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-pop"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/command.js

212.5.200.222

200 OK

105 kB

URL GET HTTP/1.1
212.5.200.222/js/command.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
Unicode text, UTF-8 text, with very long lines (395), with CRLF line terminators
Size
105 kB (104688 bytes)
Hash
d59cbc1c694e59836ab032ec314810ef
e90b6ffc1e2546dd1277303dc728c0e202fd5895
29f15cc37329e857fb8d6f0aeb97b022e41315cc6731e8a6494eeb1e10edc428

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/command.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 104688
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-command"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/js/jquery-1.7.2.min.js

212.5.200.222

200 OK

95 kB

URL GET HTTP/1.1
212.5.200.222/js/jquery-1.7.2.min.js
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
95 kB (94840 bytes)
Hash
b8d64d0bc142b3f670cc0611b0aebcae
abcd2ba13348f178b17141b445bc99f1917d47af
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-1.7.2.min.js HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 94840
Content-Type: application/javascript
ETag: W/"050E6836043C25F8-jquery-1.7.2.min"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/old/l_bt.png

212.5.200.222

200 OK

637 B

URL GET HTTP/1.1
212.5.200.222/old/l_bt.png
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
PNG image data, 72 x 23, 8-bit/color RGB, non-interlaced
Size
637 B (637 bytes)
Hash
6ec0a2fd1e9f11fe7d94b5ffa33ca93b
8536d9c9da491c2a4293d23bc0f84ae49f4ffe9f
845f4ebbe0d8b692261ffa4737b6513f6f281ca129bdb98f327207a8e70b6271

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /old/l_bt.png HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/css/login.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 637
Content-Type: image/png
ETag: W/"050E6836043C25F8-l_bt"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/image/l_bg.jpg

212.5.200.222

200 OK

35 kB

URL GET HTTP/1.1
212.5.200.222/image/l_bg.jpg
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1440x421, components 3
Size
35 kB (35023 bytes)
Hash
c4834bd9949d9eeb1a5be10d23f97585
d527651537712547fea5bbe14570903017075505
1178c30e273261d89ec1f261a89a1ed902e5831556dc7575f4ebc3c62da03607

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/l_bg.jpg HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/css/login.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 35023
Content-Type: image/jpeg
ETag: W/"050E6836043C25F8-l_bg"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/image/l_bgx.png

212.5.200.222

200 OK

58 kB

URL GET HTTP/1.1
212.5.200.222/image/l_bgx.png
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
PNG image data, 515 x 215, 8-bit/color RGBA, non-interlaced
Size
58 kB (58063 bytes)
Hash
567bdb0829e32372a299587f654731f7
99df5567e6c46873e0d389352c2926d08422372f
82685e44e124e694129fd1383b20af8e28f7e17701f6dee6650cfd91a3220f4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/l_bgx.png HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/css/login.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 58063
Content-Type: image/png
ETag: W/"050E6836043C25F8-l_bgx"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

212.5.200.222/favicon.ico

212.5.200.222

404 NOT FOUND

9 B

URL GET HTTP/1.1
212.5.200.222/favicon.ico
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
ec65a3dc9c958c8350012207a7e11c7d
b18ee9a29706a8b7352fdcf012f02c77cbdd08e1
d262339346a267abf5207c549ae7a9c792fcbf1055be3dc5753dcda7176304e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/new/index.jsp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 NOT FOUND
Content-Length: 9
Content-Type: text/html
Server: WCY_WEBServer/2.0

212.5.200.222/image/loginmain.jpg

212.5.200.222

200 OK

165 kB

URL GET HTTP/1.1
212.5.200.222/image/loginmain.jpg
IP
212.5.200.222:80
ASN
#6855 Slovak Telekom, a.s.

Requested by
http://212.5.200.222/new/index.jsp

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=900, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1440], baseline, precision 8, 1440x900, components 3
Size
165 kB (165340 bytes)
Hash
6bc39cd6b127a1645e8b6db18eb8f1ab
6f51ddcb98a671f38796260a0aee660b56113d20
65ac6086cd1853c1efca176835cbc9b8ef88200c45866b0470f4264c8264f8c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/loginmain.jpg HTTP/1.1
Host: 212.5.200.222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://212.5.200.222/css/login.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 165340
Content-Type: image/jpeg
ETag: W/"050E6836043C25F8-loginmain"
Last-Modified: Fri, 26 Apr 2024 14:33:51 GMT
Server: WCY_WEBServer/2.0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)