Report - 34.215.39.29:20082/login

Report Overview

Submitted URL
34.215.39.29:20082/login
IP
34.215.39.29
ASN
#16509 AMAZON-02
Submitted
2024-05-04 11:51:50
Access
public
Website Title
XACTUS | Login
Final URL
34.215.39.29:20082/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
34.215.39.29:20082	unknown	unknown	No data	No data	9.9 kB	589 kB	34.215.39.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed
2024-05-04	medium	34.215.39.29	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	34.215.39.29:20082/static/vendors/jquery/dist/jquery.min.js	86 kB	2023-03-07	2024-05-24
Pretty URL 34.215.39.29:20082/static/vendors/jquery/dist/jquery.min.js IP 34.215.39.29 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:07 Last Seen2024-05-24 00:37:45 Times Seen6870 Hash 710458dd559c957714ac4a8e95357eb5 f694238d616f579a0690001f37984af430c19963 b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365 Loading...

	34.215.39.29:20082/static/vendors/alertifyjs/alertify.min.js	36 kB	2023-08-08	2024-05-04
Pretty URL 34.215.39.29:20082/static/vendors/alertifyjs/alertify.min.js IP 34.215.39.29 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 11:03:10 Last Seen2024-05-04 13:51:56 Times Seen6 Hash e70782d907b2e568b728ee0dfd415c3e 3f6ab30e5a160ba9e4d73f6aa123c52a2eb992c8 c1b7088181d1fad5059c9d3fa0d457ba612a5bdcabe6ce83b1297b9a12ffdb52 Loading...

	34.215.39.29:20082/static/vendors/parsleyjs/dist/parsley.min.js	41 kB	2023-08-08	2024-05-04
Pretty URL 34.215.39.29:20082/static/vendors/parsleyjs/dist/parsley.min.js IP 34.215.39.29 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 11:03:10 Last Seen2024-05-04 13:51:56 Times Seen4 Hash d5c65d8a694ac94e17e8e85aa9033dc6 4aa65f90b85fd9d66132014a560090a20af916ad 2ab971e3075953ae5c98f4dfd5c66f2f979c0317de7ce157a8974f2a263b3786 Loading...

	34.215.39.29:20082/static/build/js/login.js	693 B	2023-08-08	2024-05-04
Pretty URL 34.215.39.29:20082/static/build/js/login.js IP 34.215.39.29 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 11:03:10 Last Seen2024-05-04 13:51:56 Times Seen4 Hash 6466a1143f2c62afe0b9db913a2fcfbb 20d217881600938b498ad17031277c937e751003 64353fba9c9a4540dd4e10ea20d6eded320dd45f6384f799397bfe4b5706ac92 Loading...

HTTP Transactions (19)

URL IP Response Size

34.215.39.29:20082/login

34.215.39.29

200 OK

5.2 kB

URL User Request GET HTTP/1.0
34.215.39.29:20082/login
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 text
Size
5.2 kB (5172 bytes)
Hash
f2a6686f45b5fe800f2f05d4630611fd
2ccae6ce84cb0d36a916067e994fde4e77965bb1
5ffa36d05ae171fa4f9d9f753cef4691ed281583a1540234e454a1099b5802d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 5172
Vary: Cookie
Set-Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E; HttpOnly; Path=/
Server: Werkzeug/1.0.1 Python/3.5.3
Date: Sat, 04 May 2024 11:51:25 GMT

34.215.39.29:20082/static/vendors/bootstrap-daterangepicker/daterangepicker.css

34.215.39.29

200 OK

8.4 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/bootstrap-daterangepicker/daterangepicker.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with CRLF line terminators
Size
8.4 kB (8402 bytes)
Hash
a0c49baaddac1dd1715b837755e2e932
328a71ec1a750471fa0d88377aa0e25ff1a7a663
802ddca8b98e4dddd63ab75ff69002eabac5e23ddab4ef5874e187a1d05d8450

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/bootstrap-daterangepicker/daterangepicker.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 8402
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071342.0-8402-1560881366"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/nprogress/nprogress.css

34.215.39.29

200 OK

1.5 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/nprogress/nprogress.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with CRLF line terminators
Size
1.5 kB (1532 bytes)
Hash
f1b87f434fc5a3fa4c78ead488d750f3
6680fceb0490a612a2eed5db032bf1c05993345b
4a39ac43a1612a5a1e3ff1cafaebefa77f314ec9bbd2d51f719a278f419c894a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/nprogress/nprogress.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 1532
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:24 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071344.0-1532-934289471"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/bootstrap-progressbar/css/bootstrap-progressbar-3.3.4.min.css

34.215.39.29

200 OK

5.0 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/bootstrap-progressbar/css/bootstrap-progressbar-3.3.4.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
Unicode text, UTF-8 text, with very long lines (4898), with CRLF line terminators
Size
5.0 kB (5015 bytes)
Hash
6b16872e4232a5eb02d090a970429434
0d6513439e98943fb7b1375ccf8dc038f6bac167
7b16117b5d259c6386b7e32b2685c52a601ea2ec240e2199fb604c5ae245e41d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/bootstrap-progressbar/css/bootstrap-progressbar-3.3.4.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 5015
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071342.0-5015-386608624"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/iCheck/skins/flat/green.css

34.215.39.29

200 OK

1.4 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/iCheck/skins/flat/green.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with CRLF line terminators
Size
1.4 kB (1369 bytes)
Hash
28489aaebf0e577b8cf93473ae767222
7d6f95275db2ed903ef8dea561ec6e07bf142c0b
0a0e77c8e6b05d047f5b422cf0bc0d1b01ff5781cbdd007b5df3977d60554629

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/iCheck/skins/flat/green.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 1369
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:24 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071344.0-1369-2911314174"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/font-awesome/css/font-awesome.min.css

34.215.39.29

200 OK

29 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/font-awesome/css/font-awesome.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with very long lines (28900), with CRLF line terminators
Size
29 kB (29067 bytes)
Hash
fea395db9a5c8eaba924d98161324597
3c1d63dd1176c77f9f4cdb1616fbb08c31b9822f
ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 29067
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071342.0-29067-345580813"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/jqvmap/dist/jqvmap.min.css

34.215.39.29

200 OK

622 B

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/jqvmap/dist/jqvmap.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with very long lines (620), with CRLF line terminators
Size
622 B (622 bytes)
Hash
2a1e945bcdec3197b4fb54ed2bfe8637
117634833bbd05d0bc7d4f6b26092aa523f1c810
baa594a35244d1bdefc9d63e88ed1915efe531bf8f42a5493dc2669290da4079

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/jqvmap/dist/jqvmap.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 622
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:24 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "1634071344.0-622-2476482796"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/alertifyjs/css/custom.alertify.css

34.215.39.29

200 OK

476 B

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/alertifyjs/css/custom.alertify.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with CRLF line terminators
Size
476 B (476 bytes)
Hash
aa48730a3ca8c2f6bc43db75f4a1563c
49e6e40cdc4816222e09e9780ad2f4ef5a2d97f2
43c9f36528ba563dddde9ffe62b5a040a106ea45179235589bcfda1c2921072a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/alertifyjs/css/custom.alertify.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 476
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "1634071342.0-476-2919900247"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/alertifyjs/css/alertify.min.css

34.215.39.29

200 OK

21 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/alertifyjs/css/alertify.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with very long lines (20337), with CRLF line terminators
Size
21 kB (20639 bytes)
Hash
b985d046460486e0d4369966a64f2fd3
f24618e395deed90d09e1a95aee4deb01443124f
417de179a77472380f6d8be7caf1c117a1dcefc7ab336457edd132fa9b0a07c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/alertifyjs/css/alertify.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 20639
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "1634071342.0-20639-1093214976"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/bootstrap/dist/css/bootstrap.min.css

34.215.39.29

200 OK

121 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/bootstrap/dist/css/bootstrap.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with very long lines (65367), with CRLF line terminators
Size
121 kB (121205 bytes)
Hash
5057f321f0dc85cd8da94a0c5f67a8f4
224c9f9ad11b495358aa61dbd53e838e9b61015b
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/bootstrap/dist/css/bootstrap.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 121205
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:26 GMT
ETag: "1634071342.0-121205-4153353474"
Date: Sat, 04 May 2024 11:51:26 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/animate.css/animate.min.css

34.215.39.29

200 OK

53 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/animate.css/animate.min.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with very long lines (52592), with CRLF line terminators
Size
53 kB (52799 bytes)
Hash
cdca0026964a0362ac2161d9d4ced6a1
bd19b68cf95bb2af46b65a81184bc76ffbfc7185
e91e33855a7203b1828fba1d326c1a629c375d49cdbf0a52aa050e5331fb3125

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/animate.css/animate.min.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 52799
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "1634071342.0-52799-2977898784"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/build/js/login.js

34.215.39.29

200 OK

693 B

URL GET HTTP/1.0
34.215.39.29:20082/static/build/js/login.js
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
ASCII text, with CRLF line terminators
Size
693 B (693 bytes)
Hash
6466a1143f2c62afe0b9db913a2fcfbb
20d217881600938b498ad17031277c937e751003
64353fba9c9a4540dd4e10ea20d6eded320dd45f6384f799397bfe4b5706ac92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/build/js/login.js HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 693
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:20 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:28 GMT
ETag: "1634071340.0-693-2481396242"
Date: Sat, 04 May 2024 11:51:28 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/build/css/xactus-custom.css

34.215.39.29

200 OK

89 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/build/css/xactus-custom.css
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
89 kB (88643 bytes)
Hash
ed15dc1814af3337125d38ebdb70ed65
d9e3d773ef1db7203107bc4edde5109983863693
7ac328293a379e8c3f78d7c9599f3baccc3e7098c91b7794e675781e29ac4d5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/build/css/xactus-custom.css HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 88643
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 05 Jan 2000 00:00:40 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "947030440.5399992-88643-2965708337"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/alertifyjs/alertify.min.js

34.215.39.29

200 OK

36 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/alertifyjs/alertify.min.js
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
JavaScript source, ASCII text, with very long lines (31988), with CRLF line terminators
Size
36 kB (35786 bytes)
Hash
e70782d907b2e568b728ee0dfd415c3e
3f6ab30e5a160ba9e4d73f6aa123c52a2eb992c8
c1b7088181d1fad5059c9d3fa0d457ba612a5bdcabe6ce83b1297b9a12ffdb52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/alertifyjs/alertify.min.js HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 35786
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:28 GMT
ETag: "1634071342.0-35786-2536120604"
Date: Sat, 04 May 2024 11:51:28 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/images/xactus-favicon.ico

34.215.39.29

200 OK

6.6 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/images/xactus-favicon.ico
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
6.6 kB (6638 bytes)
Hash
1f03aefc020346e747d3042db17c2926
3d44bba1f7b69fb1bd9a11d8d97dd5a3511c9c34
7e5301d76fb3448a6de97b374f4be6fd2f042840c10320a0f6dfae0b5d278ae4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/images/xactus-favicon.ico HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 6638
Content-Type: image/vnd.microsoft.icon
Last-Modified: Wed, 05 Jan 2000 00:00:40 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:29 GMT
ETag: "947030440.5299993-6638-1979850076"
Date: Sat, 04 May 2024 11:51:29 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/parsleyjs/dist/parsley.min.js

34.215.39.29

200 OK

41 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/parsleyjs/dist/parsley.min.js
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
JavaScript source, ASCII text, with very long lines (32052), with CRLF line terminators
Size
41 kB (40964 bytes)
Hash
d5c65d8a694ac94e17e8e85aa9033dc6
4aa65f90b85fd9d66132014a560090a20af916ad
2ab971e3075953ae5c98f4dfd5c66f2f979c0317de7ce157a8974f2a263b3786

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/parsleyjs/dist/parsley.min.js HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 40964
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:26 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:28 GMT
ETag: "1634071346.0-40964-4242743871"
Date: Sat, 04 May 2024 11:51:28 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/jquery/dist/jquery.min.js

34.215.39.29

200 OK

86 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/jquery/dist/jquery.min.js
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
JavaScript source, ASCII text, with very long lines (32065), with CRLF line terminators
Size
86 kB (85582 bytes)
Hash
710458dd559c957714ac4a8e95357eb5
f694238d616f579a0690001f37984af430c19963
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/jquery/dist/jquery.min.js HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 85582
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 12 Oct 2021 20:42:24 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:27 GMT
ETag: "1634071344.0-85582-1955995810"
Date: Sat, 04 May 2024 11:51:27 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/images/favicon.ico

34.215.39.29

200 OK

6.6 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/images/favicon.ico
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
6.6 kB (6638 bytes)
Hash
1f03aefc020346e747d3042db17c2926
3d44bba1f7b69fb1bd9a11d8d97dd5a3511c9c34
7e5301d76fb3448a6de97b374f4be6fd2f042840c10320a0f6dfae0b5d278ae4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/images/favicon.ico HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/login
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 6638
Content-Type: image/vnd.microsoft.icon
Last-Modified: Fri, 22 Oct 2021 14:13:26 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:30 GMT
ETag: "1634912006.0-6638-2948930199"
Date: Sat, 04 May 2024 11:51:30 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

34.215.39.29:20082/static/vendors/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3

34.215.39.29

200 OK

72 kB

URL GET HTTP/1.0
34.215.39.29:20082/static/vendors/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
IP
34.215.39.29:20082
ASN
#16509 AMAZON-02

Requested by
http://34.215.39.29:20082/login

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/vendors/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: 34.215.39.29:20082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.215.39.29:20082/static/vendors/font-awesome/css/font-awesome.min.css
Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZTZmMmRiNTdhNGU0ZmY4NTZjZjBiMDJmYTA5NGFkMTVjZTI5YWRmMSJ9.ZjYhPQ.fxkd8fdH1OcFJTENCskie0NaO3E
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Content-Length: 71896
Content-Type: application/octet-stream
Last-Modified: Tue, 12 Oct 2021 20:42:22 GMT
Cache-Control: public, max-age=43200
Expires: Sat, 04 May 2024 23:51:29 GMT
ETag: "1634071342.0-71896-738535436"
Date: Sat, 04 May 2024 11:51:29 GMT
Server: Werkzeug/1.0.1 Python/3.5.3

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL User Request GET HTTP/1.0

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.0

IP

ASN

Requested by

File type

Size

Hash

Detections