Report - 81.23.21.161:5000/login

Report Overview

Submitted URL
81.23.21.161:5000/login
IP
81.23.21.161
ASN
#15895 Kyivstar PJSC
Submitted
2024-05-07 17:50:54
Access
public
Website Title
RUT955 - Teltonika Networks
Final URL
81.23.21.161:5000/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
81.23.21.161:5000	unknown	unknown	No data	No data	5.3 kB	1.4 MB	81.23.21.161
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-06	489 B	239 kB	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed
2024-05-07	medium	81.23.21.161	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js	939 kB	2023-03-12	2024-05-09
Pretty URL cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:02:11 Last Seen2024-05-09 07:33:43 Times Seen45 Hash 0ecde9536d90bdcc8f6f264ad3247a11 5fdd8d3606e6a106920452f3c40340d82c0723df f81cb20ea9c444f83e11d20d972fb42ed88bd90939fcba5852e29a1459d7b583 Loading...

	81.23.21.161:5000/assets/vendor-b39663dd.js	441 kB	2024-05-07	2024-05-09
Pretty URL 81.23.21.161:5000/assets/vendor-b39663dd.js IP 81.23.21.161 ASN #15895 Kyivstar PJSC Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-07 19:51:02 Last Seen2024-05-09 07:33:43 Times Seen9 Hash 01824dc3f692b58c33cd84125eacccea 53a86409ebdabc0a0c92ef2bb31d6e9bf635528e 9fb344e4fdbfa2382cad29571c6e1d00df424f22ad7431ff461f92c67523e561 Loading...

	81.23.21.161:5000/assets/index-a9fe3aa4.js	2.0 MB	2024-05-07	2024-05-09
Pretty URL 81.23.21.161:5000/assets/index-a9fe3aa4.js IP 81.23.21.161 ASN #15895 Kyivstar PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 19:51:02 Last Seen2024-05-09 07:33:43 Times Seen9 Hash d84568ae9fb7f44df1d48e6b2ff1d287 04bf17f414cf9b4de57d6821e78490dbb1437409 488b712d1b77c1bd95724d687c9fd8aee4e6c83874e86fb1e8d420a0527b443b Loading...

HTTP Transactions (15)

URL IP Response Size

81.23.21.161:5000/login

81.23.21.161

200 OK

800 B

URL User Request GET HTTP/1.1
81.23.21.161:5000/login
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

File type
HTML document, ASCII text
Size
800 B (800 bytes)
Hash
2ca602c91a0c86fbeb398283befdf7be
94acca0ab811010bf84e16fcc9c9d25e374a3dda
61477e9c21a14a90110c81beffcd82d3e4072ed437c0a56be2cda799d1f00ff2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip

cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js

151.101.193.229

200 OK

238 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://81.23.21.161:5000/login
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65507), with no line terminators
Size
238 kB (238380 bytes)
Hash
0ecde9536d90bdcc8f6f264ad3247a11
5fdd8d3606e6a106920452f3c40340d82c0723df
f81cb20ea9c444f83e11d20d972fb42ed88bd90939fcba5852e29a1459d7b583

HTTP Headers

GET /gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4eccf2cf93856a69c7c982df04ae8b91b43aac52
x-jsd-version-type: commit
etag: W/"e5317-X92NNgbmoQaSBFLzxANA2CwHI98"
content-encoding: br
accept-ranges: bytes
age: 1841373
date: Tue, 07 May 2024 17:50:27 GMT
x-served-by: cache-fra-eddf8230046-FRA, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 238380
X-Firefox-Spdy: h2

81.23.21.161:5000/brand/brand.css?v=1

81.23.21.161

200 OK

875 B

URL GET HTTP/1.1
81.23.21.161:5000/brand/brand.css?v=1
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
ASCII text
Size
875 B (875 bytes)
Hash
d9489c00a8f88874d9bbaa02abfea118
c59fcc63dbb8b89c8e8d62818a06208917a6de68
105b7b7370e9d0fb1cef9ac27c5a216e09a268fc34c5ab9ed3a9c4fd75e04c04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /brand/brand.css?v=1 HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fcd-36b-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:27 GMT
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 875

81.23.21.161:5000/assets/index-82c6a673.css

81.23.21.161

200 OK

33 kB

URL GET HTTP/1.1
81.23.21.161:5000/assets/index-82c6a673.css
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (33228 bytes)
Hash
7ef6f9ac6cfd5bf3a8ac9dea122182e6
a58bf0e2d6ad0ef6738cbddcaee4e4f6b798bcc1
82c6a6732d93b47e0b8f2e58cf666d549141a706e17b2e154ac16ca0a1b9159b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-82c6a673.css HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fc9-81cc-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:27 GMT
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 33228

81.23.21.161:5000/assets/index-a9fe3aa4.js

81.23.21.161

200 OK

471 kB

URL GET HTTP/1.1
81.23.21.161:5000/assets/index-a9fe3aa4.js
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
471 kB (470650 bytes)
Hash
d84568ae9fb7f44df1d48e6b2ff1d287
04bf17f414cf9b4de57d6821e78490dbb1437409
488b712d1b77c1bd95724d687c9fd8aee4e6c83874e86fb1e8d420a0527b443b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-a9fe3aa4.js HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fca-72e7a-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:27 GMT
Content-Encoding: gzip
Content-Type: text/javascript
Content-Length: 470650

81.23.21.161:5000/assets/vendor-b39663dd.js

81.23.21.161

200 OK

145 kB

URL GET HTTP/1.1
81.23.21.161:5000/assets/vendor-b39663dd.js
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (16554)
Size
145 kB (144559 bytes)
Hash
01824dc3f692b58c33cd84125eacccea
53a86409ebdabc0a0c92ef2bb31d6e9bf635528e
9fb344e4fdbfa2382cad29571c6e1d00df424f22ad7431ff461f92c67523e561

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/vendor-b39663dd.js HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/assets/index-a9fe3aa4.js
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fcb-234af-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:28 GMT
Content-Encoding: gzip
Content-Type: text/javascript
Content-Length: 144559

81.23.21.161:5000/fonts/OpenSans-Regular.woff2

81.23.21.161

200 OK

50 kB

URL GET HTTP/1.1
81.23.21.161:5000/fonts/OpenSans-Regular.woff2
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
Web Open Font Format (Version 2), TrueType, length 50180, version 1.0
Size
50 kB (50180 bytes)
Hash
a725497524525c361f0d545e4e8ec577
b0135a2d4e69e1a7aeb1d269c9ee43e37fdcc29f
893f7f57805f1a70e7cb63621dcc596e49fc87551d1231c7756b7a958bac931b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/OpenSans-Regular.woff2 HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/assets/index-82c6a673.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fea-c404-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Type: application/octet-stream
Content-Length: 50180

81.23.21.161:5000/assets/vendor-b39663dd.js

81.23.21.161

200 OK

145 kB

URL GET HTTP/1.1
81.23.21.161:5000/assets/vendor-b39663dd.js
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (16554)
Size
145 kB (144559 bytes)
Hash
01824dc3f692b58c33cd84125eacccea
53a86409ebdabc0a0c92ef2bb31d6e9bf635528e
9fb344e4fdbfa2382cad29571c6e1d00df424f22ad7431ff461f92c67523e561

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/vendor-b39663dd.js HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://81.23.21.161:5000/login
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fcb-234af-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Encoding: gzip
Content-Type: text/javascript
Content-Length: 144559

81.23.21.161:5000/fonts/OpenSans-SemiBold.woff2

81.23.21.161

200 OK

56 kB

URL GET HTTP/1.1
81.23.21.161:5000/fonts/OpenSans-SemiBold.woff2
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
Web Open Font Format (Version 2), TrueType, length 56336, version 1.0
Size
56 kB (56336 bytes)
Hash
ef3ace47eb239b775be05de1de1af268
988135ecaacc456e803d9609b28e5e68c4d694d9
0240d31750dece0d5a709e6eb5cbfded2f15b37b5a4d752c3c636cdd03bd12f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/OpenSans-SemiBold.woff2 HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/assets/index-82c6a673.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "feb-dc10-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Type: application/octet-stream
Content-Length: 56336

81.23.21.161:5000/api/ui/config/options

81.23.21.161

403 Forbidden

89 B

URL GET HTTP/1.1
81.23.21.161:5000/api/ui/config/options
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JSON text data
Size
89 B (89 bytes)
Hash
b7fe8d6d90655a9eae4b67f5001a91ba
2ca13a90b1f7a1259029d006197e60718996955f
c92467b425de2bceea508545d923e51ee93817641fe8fb7a03147cbf968adb3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/ui/config/options HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer 00000000000000000000000000000000
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-cache, no-store, Pragma
Content-Type: application/json

81.23.21.161:5000/api/unauthorized/status

81.23.21.161

200 OK

80 B

URL GET HTTP/1.1
81.23.21.161:5000/api/unauthorized/status
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JSON text data
Size
80 B (80 bytes)
Hash
af64d123284ca95faeb9df923734dfd8
5f7b590558d9af6067a1b899039eee7133bd8486
26a3da79c4b78da9ade06cde8844a50dfa5fc29d2a38f47325ff659648e668a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/unauthorized/status HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer 00000000000000000000000000000000
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-cache, no-store, Pragma
Content-Type: application/json

81.23.21.161:5000/fonts/Oswald-Regular.woff

81.23.21.161

200 OK

26 kB

URL GET HTTP/1.1
81.23.21.161:5000/fonts/Oswald-Regular.woff
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
Web Open Font Format, TrueType, length 25936, version 1.1
Size
26 kB (25936 bytes)
Hash
3a011c2487ce29e6908986eb11d0318d
d31df79b254b220baf98dc9aeccb064e58d98685
ce4dbbaf6884611c2d6eb64aec64c067121a2e24a9af1ab4dbeace9cdbf9bc14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Oswald-Regular.woff HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/assets/index-82c6a673.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fee-6550-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Type: application/octet-stream
Content-Length: 25936

81.23.21.161:5000/tlt-icons/tlt_networks_logo_white.svg

81.23.21.161

200 OK

1.4 kB

URL GET HTTP/1.1
81.23.21.161:5000/tlt-icons/tlt_networks_logo_white.svg
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1402 bytes)
Hash
f5fc00a6709af7625b017ca8e8b0a762
503002f057b5fa5d748bcccf7726d3bf23064adc
a472beb5aa8d3ab799cef8e8100d5c4d2918d20d05ce180e47a9f958438b50da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tlt-icons/tlt_networks_logo_white.svg HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "105e-57a-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Encoding: gzip
Content-Type: image/svg+xml
Content-Length: 1402

81.23.21.161:5000/assets/index-a9fe3aa4.js

81.23.21.161

200 OK

471 kB

URL GET HTTP/1.1
81.23.21.161:5000/assets/index-a9fe3aa4.js
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
471 kB (470650 bytes)
Hash
d84568ae9fb7f44df1d48e6b2ff1d287
04bf17f414cf9b4de57d6821e78490dbb1437409
488b712d1b77c1bd95724d687c9fd8aee4e6c83874e86fb1e8d420a0527b443b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-a9fe3aa4.js HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://81.23.21.161:5000/login
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fca-72e7a-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:29 GMT
Content-Encoding: gzip
Content-Type: text/javascript
Content-Length: 470650

81.23.21.161:5000/favicon.ico

81.23.21.161

200 OK

17 kB

URL GET HTTP/1.1
81.23.21.161:5000/favicon.ico
IP
81.23.21.161:5000
ASN
#15895 Kyivstar PJSC

Requested by
http://81.23.21.161:5000/login

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Size
17 kB (16726 bytes)
Hash
41f06b0964a175234e091a056d0ea0e3
1622e097c724d0f29fb01f386c8b8242cb05f8c4
e1aa42736f36220e52a2c3af693ec59b67d03cba809cfe65df2060683624bebf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 81.23.21.161:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.23.21.161:5000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; 				img-src * 'self'; 				script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; 				style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css  'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self'
Cache-Control: no-cache
ETag: "fe5-4156-65fc2230"
Last-Modified: Thu, 21 Mar 2024 12:04:00 GMT
Date: Tue, 07 May 2024 17:50:30 GMT
Content-Type: application/octet-stream
Content-Length: 16726

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size