Report - 158.64.40.100/login.php

Report Overview

Submitted URL
158.64.40.100/login.php
IP
158.64.40.100
ASN
#2602 Fondation RESTENA
Submitted
2024-05-08 10:28:01
Access
public
Website Title
DSKnet By DSK Systems S.A. -Identification
Final URL
158.64.40.100/login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
158.64.40.100	unknown	unknown	2022-11-04	2022-11-04	11 kB	567 kB	158.64.40.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed
2024-05-08	medium	158.64.40.100	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	158.64.40.100/login.php	0 B	2023-03-07	2024-05-19
Pretty URL 158.64.40.100/login.php IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 21:52:38 Times Seen37844345 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	5 B	2023-07-01	2024-05-08
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen9 Hash c0b63c13bba8396f66c073b0d92798f0 58c9d0b0eae1de066ab8c90731016438b9616c38 42635c1e02d7b6c8b47dfd3995a38bf18963504c32b5fbf53fff48c2a1026827 Loading...

	158.64.40.100/menu/stmenu.js	26 kB	2023-07-01	2024-05-08
Pretty URL 158.64.40.100/menu/stmenu.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen14 Hash 923edf9a679285bdd98e70d586bf2549 df2c8687adbcd76e0529f15a0f8181fa2a35efd8 911147d5767796f45f4fd2d916904e6af04692d364ff8e9c2730d60df42dc8ec Loading...

	158.64.40.100/menu/stcode.js	95 kB	2023-07-01	2024-05-08
Pretty URL 158.64.40.100/menu/stcode.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen14 Hash 471201ebab6e64c740057a13fec21456 0c1ffd24aa01c7226b9d20b05a0d2f67bc0cab56 7c89b71d9af831b74da2cf5e647f2165b54cbb435ab77c7ddac5092b2063b169 Loading...

	158.64.40.100/java/jquery/jquery-1.7.2.min.js	95 kB	2023-07-01	2024-05-08
Pretty URL 158.64.40.100/java/jquery/jquery-1.7.2.min.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen7 Hash 5878715742036e54e2ba3cdd1e572f90 05286f7027dc2ff2d1434f2544263168b8e35afa 300c3e1d87ea6ce273369dc1e796f8b90e748efa803045d5718928968362a98b Loading...

	158.64.40.100/java/jquery/jquery-ui-1.8.19.custom.min.js	207 kB	2023-07-01	2024-05-08
Pretty URL 158.64.40.100/java/jquery/jquery-ui-1.8.19.custom.min.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen14 Hash 25e67e3ec12a14fb9e472b89af0a8a18 7198fd1366a46d8e5e899b6181176e6f5d6941ee 48fb2ac4d93c4bd12f12686b8cb2d7e58a343496a1e7ae67214c6c3367ce5d9b Loading...

	158.64.40.100/java/jquery/jquery-ui-timepicker-addon.js	51 kB	2023-05-09	2024-05-08
Pretty URL 158.64.40.100/java/jquery/jquery-ui-timepicker-addon.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 02:53:45 Last Seen2024-05-08 12:28:01 Times Seen16 Hash 820680f988899635d191fb9315600bf8 b166ab2ae36c123e9fa1b1afeca5b8318b59c89e 41f4ed44c3afa7619153da3a7d280c80eaa09ac4f7770abada5b96fe53328903 Loading...

	158.64.40.100/java/jquery/jquery-ui-sliderAccess.js	2.8 kB	2023-07-01	2024-05-08
Pretty URL 158.64.40.100/java/jquery/jquery-ui-sliderAccess.js IP 158.64.40.100 ASN #2602 Fondation RESTENA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen14 Hash b5a01f3d29043d2281ae0902f3b02019 85df94ad842bf9a24d2e08fb9e3c3c7e1c609235 055b20d6a8f1dcb7a3aa6d89c54c959688cac287b9ebf4c1c3ecdbe611396c91 Loading...

	unknown	119 B	2023-07-01	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen7 Hash ef7e97f669cdef0d7af995f0b488a342 9df4af4dd48337fbc95969b06bf225ba7140fec7 a09054f9a16a3166ebf2df68208b6f303b1d7819b26982badf212e2d3ed692a3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 367bc2caecc37c3220308baac9a8c06b	107 B	2023-07-01	2024-05-08
Pretty Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen5 Hash 367bc2caecc37c3220308baac9a8c06b 5cdbc44a24533ca90239222e7f20f4776d3077ae 7368a4445af8b0a21cb1ee1c79bdd61d4f8a87d5927af07779478e42c39b45ac Loading...

	#2 Write - 521f61a000904434d1a22b2fd27ec465	220 B	2023-07-01	2024-05-08
Pretty Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen7 Hash 521f61a000904434d1a22b2fd27ec465 c56b28a25b0e66a43a7645ac9a6861b60452893d 3801aaac23e3275f918721c5e6924d17df473f19fc24ad4a805dd4ecb6e8bca2 Loading...

	#3 Write - ad725d1fde42a6505205f0e6226a9693	4.9 kB	2023-07-01	2024-05-08
Pretty Observations First Seen2023-07-01 11:09:51 Last Seen2024-05-08 12:28:01 Times Seen7 Hash ad725d1fde42a6505205f0e6226a9693 16b81bae92c10fd1f8ad3904845ae37398d663cf e9764c5cf190a2e6883a136d78f26d7e0c8cf562d8673fa2cad81e5975716fc6 Loading...

HTTP Transactions (28)

URL IP Response Size

158.64.40.100/login.php

158.64.40.100

200 OK

6.3 kB

URL User Request GET HTTP/1.1
158.64.40.100/login.php
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

File type
HTML document, ASCII text, with very long lines (342), with CRLF, LF line terminators
Size
6.3 kB (6290 bytes)
Hash
a94962eb570c44b4ba917788da2f7224
089f9db37470514d8e9931c2052a8cb6acd79e70
2a5ecfd5b2e0beb1ad9291d1540efbbd7f7e531a1fc2ea8d0b5d96490d50ab1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:54 GMT
Server: Apache
X-UA-Compatible: IE=edge
Set-Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43; expires=Thu, 09-May-2024 10:26:54 GMT; Max-Age=86400; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: deny
Content-Length: 6290
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

158.64.40.100/DSKnet.css

158.64.40.100

200 OK

37 kB

URL GET HTTP/1.1
158.64.40.100/DSKnet.css
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
ISO-8859 text, with CRLF line terminators
Size
37 kB (36582 bytes)
Hash
64f0408447b2440166bdb4de112a0c26
f0c237aa42e482a691e15fe01c5af65cdc812bba
d543f8ca2bab895d41de475d91ca1dbd415ee676497c4596c7f44a78f87a36b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /DSKnet.css HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Tue, 28 Apr 2020 14:07:04 GMT
ETag: "8ee6-5a45a58993200"
Accept-Ranges: bytes
Content-Length: 36582
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

158.64.40.100/java/jquery/css/ui-lightness/jquery-ui-1.8.19.custom.css

158.64.40.100

200 OK

34 kB

URL GET HTTP/1.1
158.64.40.100/java/jquery/css/ui-lightness/jquery-ui-1.8.19.custom.css
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
ASCII text, with very long lines (1472), with CRLF line terminators
Size
34 kB (34369 bytes)
Hash
a272985a21e576cab53c916e3804bf9f
2ed43a859c87a101c773987343119d7b5c37466d
a16e21041084672359bf0a50940e6e54d37150ab0d762de6014d4ebcf680da69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /java/jquery/css/ui-lightness/jquery-ui-1.8.19.custom.css HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "8641-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 34369
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

158.64.40.100/menu/stmenu.js

158.64.40.100

200 OK

26 kB

URL GET HTTP/1.1
158.64.40.100/menu/stmenu.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
ASCII text, with very long lines (599), with CRLF line terminators
Size
26 kB (25612 bytes)
Hash
923edf9a679285bdd98e70d586bf2549
df2c8687adbcd76e0529f15a0f8181fa2a35efd8
911147d5767796f45f4fd2d916904e6af04692d364ff8e9c2730d60df42dc8ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /menu/stmenu.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "640c-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 25612
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/java/jquery/jquery-ui-sliderAccess.js

158.64.40.100

200 OK

2.8 kB

URL GET HTTP/1.1
158.64.40.100/java/jquery/jquery-ui-sliderAccess.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
2.8 kB (2805 bytes)
Hash
b5a01f3d29043d2281ae0902f3b02019
85df94ad842bf9a24d2e08fb9e3c3c7e1c609235
055b20d6a8f1dcb7a3aa6d89c54c959688cac287b9ebf4c1c3ecdbe611396c91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /java/jquery/jquery-ui-sliderAccess.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "af5-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 2805
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/java/jquery/jquery-ui-timepicker-addon.js

158.64.40.100

200 OK

51 kB

URL GET HTTP/1.1
158.64.40.100/java/jquery/jquery-ui-timepicker-addon.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
51 kB (50900 bytes)
Hash
820680f988899635d191fb9315600bf8
b166ab2ae36c123e9fa1b1afeca5b8318b59c89e
41f4ed44c3afa7619153da3a7d280c80eaa09ac4f7770abada5b96fe53328903

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /java/jquery/jquery-ui-timepicker-addon.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "c6d4-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 50900
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/java/jquery/jquery-1.7.2.min.js

158.64.40.100

200 OK

95 kB

URL GET HTTP/1.1
158.64.40.100/java/jquery/jquery-1.7.2.min.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32780), with CRLF line terminators
Size
95 kB (94854 bytes)
Hash
fea0ee20da1cbdc0cce15bbd906d0c21
c152dbf92d680e103d618e817eef8948fc2244e6
0b1e3988c0bd43078e0e0c167455febce25b83d590a26a9b9eb9ff04fb63e05e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /java/jquery/jquery-1.7.2.min.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "17286-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 94854
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/java/jquery/jquery-ui-1.8.19.custom.min.js

158.64.40.100

200 OK

207 kB

URL GET HTTP/1.1
158.64.40.100/java/jquery/jquery-ui-1.8.19.custom.min.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
JavaScript source, ASCII text, with very long lines (18578), with CRLF line terminators
Size
207 kB (206787 bytes)
Hash
25e67e3ec12a14fb9e472b89af0a8a18
7198fd1366a46d8e5e899b6181176e6f5d6941ee
48fb2ac4d93c4bd12f12686b8cb2d7e58a343496a1e7ae67214c6c3367ce5d9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /java/jquery/jquery-ui-1.8.19.custom.min.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "327c3-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 206787
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/menu/stcode.js

158.64.40.100

200 OK

95 kB

URL GET HTTP/1.1
158.64.40.100/menu/stcode.js
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
ASCII text, with very long lines (4877), with CRLF line terminators
Size
95 kB (95020 bytes)
Hash
471201ebab6e64c740057a13fec21456
0c1ffd24aa01c7226b9d20b05a0d2f67bc0cab56
7c89b71d9af831b74da2cf5e647f2165b54cbb435ab77c7ddac5092b2063b169

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /menu/stcode.js HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:55 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "1732c-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 95020
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

158.64.40.100/menu/blank.gif

158.64.40.100

200 OK

49 B

URL GET HTTP/1.1
158.64.40.100/menu/blank.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 1 x 1
Size
49 B (49 bytes)
Hash
1184485f130fd0fe785dc2a2d0c2fc0c
d4642139451c29a56e1dc9f91e7a054e2db1b9cd
4a962a349a505265aeb57099df429a871d1cdc7d3056f317c5c686820ac8e7d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /menu/blank.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "31-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 49
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_top_fill.gif

158.64.40.100

200 OK

149 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_top_fill.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 1 x 22
Size
149 B (149 bytes)
Hash
107826163c3e132f80c3200a310796d8
baceca1b66782cbc77a6a197f9eaca0a10e97b46
356a2f65aa867f16244f14569a04b977f69c7962f9dd670ec9a30b2a6518742c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_top_fill.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "95-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 149
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_menu_left.gif

158.64.40.100

200 OK

348 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_menu_left.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 22
Size
348 B (348 bytes)
Hash
b702b4da079ffff8437ad45f8dc35f21
a0c8af43963061cad34713aa759047a83a31c751
9c3381b64d5a1ce4bc27b9bf6d918bdf58087230f3b06906701a0c2c24922117

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_menu_left.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "15c-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 348
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_top_header.gif

158.64.40.100

200 OK

272 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_top_header.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 1 x 49
Size
272 B (272 bytes)
Hash
58e67f753788464c74fd078aba7a2696
fe81a9459795df01c66b2d2e416153586c99d517
a1f7e9cdd144cd0513a0065e97a3713999ab128f247ca6ef5a4fe36e13c0b863

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_top_header.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "110-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 272
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_menu_right.gif

158.64.40.100

200 OK

352 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_menu_right.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 22
Size
352 B (352 bytes)
Hash
9a8b5acc8018fad9c13f6083edcee61a
16594b27a6b4e5527a1ecf3b054e1564c6f300f4
915584d61345b1942b935325a713e8bc5e4f6522d9f85586c0bb4c6ce316209b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_menu_right.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "160-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 352
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_corner_left_top.gif

158.64.40.100

200 OK

283 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_corner_left_top.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 8
Size
283 B (283 bytes)
Hash
5724f7d947949e70780e728381856509
f0d0588a0f7c411cecd955300bc6a3af034d9553
437c3037a0528a85f4bdef1e6be67eab5d932797b2c57240c973c910da0ff117

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_corner_left_top.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "11b-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 283
X-Frame-Options: deny
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_top.gif

158.64.40.100

200 OK

260 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_top.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 273 x 8
Size
260 B (260 bytes)
Hash
0716295359448dc31a3aa7606e6bb711
7c18cf2a5c4058484a259e2b23cf58163c687aea
e6237540522d07c2744496d99f6e4cfd9a93f13d07a43fbb1608188a9723857e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_top.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "104-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 260
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_corner_right_top.gif

158.64.40.100

200 OK

283 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_corner_right_top.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 8
Size
283 B (283 bytes)
Hash
4f8aab977bd37b3a3c0df244b94fbb09
4b5e9da35eaa9d4b7a8cf47bd98e71d8f195e69e
396ddd087fa430b4bed7a323b10879db2a16a0ad3206e92a7ada361d375f1d02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_corner_right_top.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "11b-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 283
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_title_left.gif

158.64.40.100

200 OK

129 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_title_left.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 22
Size
129 B (129 bytes)
Hash
b610dc2adde4038d8774e6517021ee5a
64576d28833b87f01a3878aa7bacfcba8ecc9f6a
003bdf57fe907fb70f128ca3761e19cd698d1d17442e40f15fc1178394511ed5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_title_left.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "81-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 129
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_title_fill.gif

158.64.40.100

200 OK

46 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_title_fill.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 1 x 22
Size
46 B (46 bytes)
Hash
262d85c4a1caecdef4a9eecfdaffbb1f
b9f791aa89240b79a5d8c764c3b3463a2ba392e8
e6f7ad6143c3194930cf35c821d24e05005703844ec05ccfd590d1e410a3b2a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_title_fill.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "2e-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 46
X-Frame-Options: deny
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_title_right.gif

158.64.40.100

200 OK

186 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_title_right.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 22
Size
186 B (186 bytes)
Hash
6204cb88646398fe8c1209bfe8698cbf
1d27453221b55a62fa02982bd9a0f8b3ef165061
484fa01e23cd417f22adf35e003f1fef024064b6312e5ff661db1e3917a3b440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_title_right.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "ba-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 186
X-Frame-Options: deny
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_titlefill_right.gif

158.64.40.100

200 OK

96 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_titlefill_right.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 24
Size
96 B (96 bytes)
Hash
89252105dc79bce62aa38a6e0e42d1e1
a55dda0c6befbf12613d8508e90e5e4919699c89
03a9ac59293627564589a7205f6d6c388b00996e2e3a72888b05576f6bda2618

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_titlefill_right.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "60-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 96
X-Frame-Options: deny
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_right.gif

158.64.40.100

200 OK

255 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_right.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 118
Size
255 B (255 bytes)
Hash
2d8844f957c0e2a251901c8c6a0e0ecd
80f15c26b726cd4563c2e1b96c8149bd08649405
70affa7fc5d7daf18bc29d1633c42b0320bd343e36e475d5ea48990756c4e118

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_right.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "ff-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 255
X-Frame-Options: deny
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_left.gif

158.64.40.100

200 OK

255 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_left.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 118
Size
255 B (255 bytes)
Hash
f341c03b8274be45fed73a44b7f35000
caf03676a75ab854e2c2a49d2b476a7469d30acb
b4534f3809fa609c7e6f944ba72624fdd665b5d3d3607fe6181a9bcb5ddb27d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_left.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "ff-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 255
X-Frame-Options: deny
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_corner_left_bottom.gif

158.64.40.100

200 OK

283 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_corner_left_bottom.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 8
Size
283 B (283 bytes)
Hash
4fad4536107af6fb6ec9f02dee08f45d
37a7ecb06671df1c773714213bce8082ae288c07
d002847e9a513da84e8930dc60efe9d61335d7f62bbbb589c207cfe0e796f98e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_corner_left_bottom.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "11b-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 283
X-Frame-Options: deny
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_bottom.gif

158.64.40.100

200 OK

260 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_bottom.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 273 x 8
Size
260 B (260 bytes)
Hash
c9875f4eb0c2753320e78a5a42909e7b
2757769dc7beae963b2a8772a6ece6931ce82def
88853b956e06fe31ef1a2cc96b2775554b77dcf1aba5fa7acca837683ee6b51c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_bottom.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "104-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 260
X-Frame-Options: deny
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/images/dsknet/ico_box_corner_right_bottom.gif

158.64.40.100

200 OK

283 B

URL GET HTTP/1.1
158.64.40.100/images/dsknet/ico_box_corner_right_bottom.gif
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
GIF image data, version 89a, 8 x 8
Size
283 B (283 bytes)
Hash
7c7c0b51f25d51a1fd0e44e68c617686
1d3b29c4354f666b16f79be0046e18e8987d4915
f4d6f85429a44d9a6133f957ca949cd7c3fc1bebde5000e4586be088caab29ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/dsknet/ico_box_corner_right_bottom.gif HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/DSKnet.css
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "11b-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 283
X-Frame-Options: deny
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

158.64.40.100/favicon.ico

158.64.40.100

200 OK

1.1 kB

URL GET HTTP/1.1
158.64.40.100/favicon.ico
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
MS Windows icon resource - 1 icon, 15x16, 32 bits/pixel
Size
1.1 kB (1086 bytes)
Hash
c9cb3855afb89e829dcf308e40a98fad
0a6695c2125db71e77921c1648bb227fa5282718
559e04cc7d7b1c37509bc5dba0ef200ce73e936c2bab235e787db6822d5b44be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 13:54:46 GMT
ETag: "43e-5a354a8ac5580"
Accept-Ranges: bytes
Content-Length: 1086
X-Frame-Options: deny
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/x-icon

158.64.40.100/Img/icon.png

158.64.40.100

403 Forbidden

221 B

URL GET HTTP/1.1
158.64.40.100/Img/icon.png
IP
158.64.40.100:80
ASN
#2602 Fondation RESTENA

Requested by
http://158.64.40.100/login.php

File type
HTML document, ASCII text
Size
221 B (221 bytes)
Hash
0398e3dc538bce24fbe115ea53216514
e0873ff1592192d08220e517a4f112ac3d4321d6
ca29b6d7ceafd93629d2bd9b442540467fedac708ceb7367cf2aa29ab86b4c73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Img/icon.png HTTP/1.1
Host: 158.64.40.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://158.64.40.100/login.php
Cookie: DSKNet=usr196e5nkdglicdk9ljhb8v43
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 10:26:56 GMT
Server: Apache
Content-Length: 221
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by