Report - 82.202.105.214/login.php

Report Overview

Submitted URL
82.202.105.214/login.php
IP
82.202.105.214
ASN
#25512 CD-Telematika a.s.
Submitted
2024-05-09 12:26:04
Access
public
Website Title
Přihlášení do zákaznického portálu - Portál České filtry
Final URL
82.202.105.214/login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
82.202.105.214	unknown	unknown	No data	No data	3.5 kB	96 kB	82.202.105.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed
2024-05-09	medium	82.202.105.214	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	82.202.105.214/js/jquery.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL 82.202.105.214/js/jquery.min.js IP 82.202.105.214 ASN #25512 CD-Telematika a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-20 12:59:17 Times Seen269909 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	82.202.105.214/js/bootstrap.js	69 kB	2023-03-07	2024-05-15
Pretty URL 82.202.105.214/js/bootstrap.js IP 82.202.105.214 ASN #25512 CD-Telematika a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:14 Last Seen2024-05-15 06:52:16 Times Seen598 Hash 8015042d0b4ac125867af5b096b175ce bbf55e20f1ebb6368522799f29db39830a08ef93 ef43a4d502ffb688656851d788c42869d47e8840d007b4f4b66f62530171acd4 Loading...

	82.202.105.214/login.php	0 B	2023-03-07	2024-05-20
Pretty URL 82.202.105.214/login.php IP 82.202.105.214 ASN #25512 CD-Telematika a.s. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 14:22:11 Times Seen37877245 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (9)

URL IP Response Size

82.202.105.214/login.php

82.202.105.214

200 OK

2.0 kB

URL User Request GET HTTP/1.1
82.202.105.214/login.php
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (873), with CRLF line terminators
Size
2.0 kB (2011 bytes)
Hash
ef17305c92aca92d75680b421d48c3db
fa70bf1627b588817728aa421b7f0bea1ee9bfde
4c737748d1b76247ec26ce2b042d621885f486485796071b007d9a1970dfe049

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2011
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

82.202.105.214/css/main.css

82.202.105.214

200 OK

2.4 kB

URL GET HTTP/1.1
82.202.105.214/css/main.css
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
assembler source, ASCII text, with very long lines (383), with CRLF line terminators
Size
2.4 kB (2365 bytes)
Hash
c4406d104af6fa7cb9971af8d848f21c
ff80fac6ec8a3c5919c28788642f3d0c2437a407
901aa77b7d1531e11e79c26d32ee2e36521f754ce3129cc72c60cf994c002caa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:11 GMT
ETag: "1fad-5be26d38fec36-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2365
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

82.202.105.214/js/bootstrap.js

82.202.105.214

200 OK

14 kB

URL GET HTTP/1.1
82.202.105.214/js/bootstrap.js
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
JavaScript source, ASCII text
Size
14 kB (14122 bytes)
Hash
8015042d0b4ac125867af5b096b175ce
bbf55e20f1ebb6368522799f29db39830a08ef93
ef43a4d502ffb688656851d788c42869d47e8840d007b4f4b66f62530171acd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.js HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:08 GMT
ETag: "10d1a-5be26d36ec7ef-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14122
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

82.202.105.214/css/bootstrap.css

82.202.105.214

200 OK

22 kB

URL GET HTTP/1.1
82.202.105.214/css/bootstrap.css
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
ASCII text, with very long lines (540)
Size
22 kB (21525 bytes)
Hash
d1d8d1d5fa6bd586a9ad6f3ed606ae14
be35c051c8dff64e0d2250e83d573b32a6d774fa
6d1615498eb84be14706815779b3a0d40b077fc0c43186253389e929c984f531

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:11 GMT
ETag: "23fd5-5be26d395b892-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21525
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

82.202.105.214/js/jquery.min.js

82.202.105.214

200 OK

30 kB

URL GET HTTP/1.1
82.202.105.214/js/jquery.min.js
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
JavaScript source, ASCII text, with very long lines (32030)
Size
30 kB (30080 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:09 GMT
ETag: "152b5-5be26d37743c8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30080
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

82.202.105.214/img/loader.gif

82.202.105.214

200 OK

3.2 kB

URL GET HTTP/1.1
82.202.105.214/img/loader.gif
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
GIF image data, version 89a, 32 x 32
Size
3.2 kB (3208 bytes)
Hash
a51c5608d01acf32df728f299767f82b
2eb3f9f430fb2a6267e0d252129ef6473d074f37
aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/loader.gif HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:09 GMT
ETag: "c88-5be26d37c3565"
Accept-Ranges: bytes
Content-Length: 3208
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

82.202.105.214/img/ceske-filtry-logo.png

82.202.105.214

200 OK

15 kB

URL GET HTTP/1.1
82.202.105.214/img/ceske-filtry-logo.png
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
PNG image data, 600 x 125, 8-bit/color RGBA, non-interlaced
Size
15 kB (14707 bytes)
Hash
b355c67fa95b3a857feb253c4f5661e5
d64559ce1f16ebda9a47a10f646c11eb0eab2590
2e60ede4f8b9f25ff1da2846e8d5875fbead7505c991b9b7065e0351446c8fc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ceske-filtry-logo.png HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:09 GMT
ETag: "3973-5be26d37b1c26"
Accept-Ranges: bytes
Content-Length: 14707
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

82.202.105.214/img/floresps-logo.png

82.202.105.214

200 OK

3.9 kB

URL GET HTTP/1.1
82.202.105.214/img/floresps-logo.png
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
PNG image data, 192 x 45, 8-bit/color RGBA, non-interlaced
Size
3.9 kB (3874 bytes)
Hash
353a9f7cdb6e19133f4944e6b2873fbd
9bfd57145b4f095de6ca260d3c704560c95ad9b5
70445dbdef15b40a9131e005d9d513e2d43e17e9fee3a21ba492fad5c3d2dd50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/floresps-logo.png HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:09 GMT
ETag: "f22-5be26d37b1c26"
Accept-Ranges: bytes
Content-Length: 3874
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

82.202.105.214/favicon.ico

82.202.105.214

200 OK

701 B

URL GET HTTP/1.1
82.202.105.214/favicon.ico
IP
82.202.105.214:80
ASN
#25512 CD-Telematika a.s.

Requested by
http://82.202.105.214/login.php

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
701 B (701 bytes)
Hash
c3681f58a5d778c4a11cdd7d648b192d
5038dd8edcb571629e2363e20eeca10e0b6fb0c5
c7edcea11d164e605182477680e79de43a9a70963cb3c3c4efca75c7b123dbac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 82.202.105.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://82.202.105.214/login.php
Cookie: PHPSESSID=c6hm9kmjdvljvb00ifag6s21f1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:25:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 22 Mar 2021 21:34:07 GMT
ETag: "2bd-5be26d361c7d8"
Accept-Ranges: bytes
Content-Length: 701
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size