Report - 43.228.129.36/login

Report Overview

Submitted URL
43.228.129.36/login
IP
43.228.129.36
ASN
#17882 UNIVISION LLC
Submitted
2024-05-10 12:13:24
Access
public
Website Title
Veritech ERP - Нэвтрэх хэсэг
Final URL
43.228.129.36/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
43.228.129.36	unknown	unknown	No data	No data	8.7 kB	3.9 MB	43.228.129.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed
2024-05-10	medium	43.228.129.36	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	43.228.129.36/assets/core/js/main/jquery-migrate.min.v1685929695.js	11 kB	2023-06-17	2024-05-10
Pretty URL 43.228.129.36/assets/core/js/main/jquery-migrate.min.v1685929695.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 13:50:32 Last Seen2024-05-10 14:13:31 Times Seen18 Hash b6a1ad9c3189d8af6b78c6a4c7502a75 8bbfd8b12afdba29b38d5efd896955222bb047a6 30f530395c41bbcf7d7ef43da081040d8a7255fb5a4bc65a0e95b145abb9e0d1 Loading...

	43.228.129.36/assets/core/js/main/bootstrap.bundle.min.v1685929695.js	79 kB	2023-03-07	2024-05-10
Pretty URL 43.228.129.36/assets/core/js/main/bootstrap.bundle.min.v1685929695.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:35 Last Seen2024-05-10 14:13:31 Times Seen146 Hash 6c9e58bd75de51ae8c63cd00802b5dd5 3cb4f090a2cb698eab3fe2cb7ddbe744a4088264 f0e3f4cdc282dc2223fa74f47f49bf78cf0d5ead8b667f6c431e390a2abd1c19 Loading...

	43.228.129.36/assets/custom/js/plugins.min.v1685929586.js	1.5 MB	2023-10-14	2024-05-10
Pretty URL 43.228.129.36/assets/custom/js/plugins.min.v1685929586.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 11:24:24 Last Seen2024-05-10 14:13:32 Times Seen10 Hash 80b9927a7034e2dd6278d978b1fa74e4 428871b97a32dae285a291ed5cd2324ebbbd2487 e2d5974a1b59c13ebf1c64f13edd6db9feb3d3d60b48b6e0a42d9da1b317ae7e Loading...

	43.228.129.36/assets/core/js/main/jquery.min.v1685929695.js	90 kB	2023-03-07	2024-05-20
Pretty URL 43.228.129.36/assets/core/js/main/jquery.min.v1685929695.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:20 Last Seen2024-05-20 11:54:51 Times Seen4374 Hash 7c14a783dfeb3d238ccd3edd840d82ee ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b 80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0 Loading...

	43.228.129.36/assets/core/js/plugins/extensions/jquery-ui/jquery-ui.min.js	254 kB	2023-06-17	2024-05-10
Pretty URL 43.228.129.36/assets/core/js/plugins/extensions/jquery-ui/jquery-ui.min.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 13:50:33 Last Seen2024-05-10 14:13:31 Times Seen12 Hash fee51864be5fe2de8447bbefbd97762b 7dcbdbf3f06292e5fa315d8ee66c9fd07a819d12 d23d23f1e6a2bf832f3ee9049d12b64567c47e6794d5055af5c58b09029bc201 Loading...

	43.228.129.36/assets/custom/js/core.v1685929586.js	244 kB	2024-05-10	2024-05-10
Pretty URL 43.228.129.36/assets/custom/js/core.v1685929586.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 14:13:31 Last Seen2024-05-10 14:13:32 Times Seen2 Hash 6946fcd18baec802b2dafcd38a36ce5d 0ade93e0391ec2cff83232fb821fea53e8ed119b 966991e33a4ec649672dfa188bd53d9c9f526f0b7f51069ac604450c04eac8e8 Loading...

	43.228.129.36/assets/custom/pages/scripts/login.v1685929527.js	4.3 kB	2023-10-14	2024-05-10
Pretty URL 43.228.129.36/assets/custom/pages/scripts/login.v1685929527.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 11:24:23 Last Seen2024-05-10 14:13:31 Times Seen10 Hash 17ed94661ce1b698816f4d1cf00dc460 9925737e7dd301c08ec4953ad6e7968fab5a3e01 76f6f295864075543c926ce0cc30ecad3e073ad3be464366b50eb3c2c926cd9a Loading...

	43.228.129.36/assets/core/js/main/common.v1685929695.js	30 kB	2023-06-17	2024-05-10
Pretty URL 43.228.129.36/assets/core/js/main/common.v1685929695.js IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 13:50:33 Last Seen2024-05-10 14:13:32 Times Seen13 Hash 06c18c9a6fc53c2ddca958513b204860 34d505d8686cf4121868c471e9c8d66bc178788a 18b2019193a1b0bff16c70a7478d597b091a5ed95bc032eca27cf4970fff84f0 Loading...

	43.228.129.36/login	0 B	2023-03-07	2024-05-20
Pretty URL 43.228.129.36/login IP 43.228.129.36 ASN #17882 UNIVISION LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 21:06:39 Times Seen37892821 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (20)

URL IP Response Size

43.228.129.36/login

43.228.129.36

6.1 kB

URL User Request GET
43.228.129.36/login
IP
43.228.129.36:0
ASN
#17882 UNIVISION LLC

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
6.1 kB (6091 bytes)
Hash
21cf5f6eafb732bf800e27ed2e5b3efc
5e7eb2343663c984d8e2374f32241754095abe70
0f50c85f05420fcd43b1bce54beb6ebfde3765ab4d6347decf0c5e3c7389dfb1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.4.45
Set-Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3; expires=Fri, 10-May-2024 16:12:55 GMT; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 6091
Connection: close
Content-Type: text/html; charset=UTF-8

43.228.129.36/assets/custom/css/theme-color/blue.v1685929582.css

43.228.129.36

200 OK

96 B

URL GET HTTP/1.1
43.228.129.36/assets/custom/css/theme-color/blue.v1685929582.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
ASCII text, with CRLF line terminators
Size
96 B (96 bytes)
Hash
6e88845680f4eb24e18e861589607ae7
a90b7c01d06b939de9d6f9b36617e48922e7421e
2d2b257b54e71e06506d50be021c0eed6593990dab771a1d6022a7499bdd14ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/theme-color/blue.v1685929582.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:22 GMT
ETag: "2bd99-60-5fd5811e0ecdf"
Accept-Ranges: bytes
Content-Length: 96
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/custom/css/login.v1685929582.css

43.228.129.36

200 OK

16 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/css/login.v1685929582.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
ASCII text, with CRLF line terminators
Size
16 kB (16123 bytes)
Hash
e2563781141d3907bb80ad8761fc65f3
197040650392f38927e88344626ab9f0419dba7a
3b68428ece95ddde6adce35a2bbb601ecc05b7f89652d96b0d9faa8265e3e9f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/login.v1685929582.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:22 GMT
ETag: "2bdc1-3efb-5fd5811e42519"
Accept-Ranges: bytes
Content-Length: 16123
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/core/icon/icomoon/styles.v1685929687.css

43.228.129.36

200 OK

48 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/icon/icomoon/styles.v1685929687.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
ASCII text
Size
48 kB (47631 bytes)
Hash
1a456d8dde6be3843fea397c748999c1
b4642df7680f3eca37d0f32a4c80c23afa017805
4e0f37972a5a2eb409aedee793b9360f047c02350192716b1a568f1247749bdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/icon/icomoon/styles.v1685929687.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:07 GMT
ETag: "a360c-ba0f-5fd58181c3449"
Accept-Ranges: bytes
Content-Length: 47631
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/core/css/custom-helper.v1685929686.css

43.228.129.36

200 OK

98 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/css/custom-helper.v1685929686.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
assembler source, ASCII text, with CRLF line terminators
Size
98 kB (98524 bytes)
Hash
48861de8104727bbe88601a8885af6ac
8696991f843c375d04c680932f282736b79f17e7
ca6ad44facbbbedc605b3208152bd5c4287bbefaaaf6898d5b38c73ddb9e83a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/css/custom-helper.v1685929686.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:06 GMT
ETag: "a35d9-180dc-5fd5818187f0e"
Accept-Ranges: bytes
Content-Length: 98524
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/core/js/main/jquery-migrate.min.v1685929695.js

43.228.129.36

200 OK

11 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/js/main/jquery-migrate.min.v1685929695.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, ASCII text, with very long lines (11005), with CRLF line terminators
Size
11 kB (11103 bytes)
Hash
b6a1ad9c3189d8af6b78c6a4c7502a75
8bbfd8b12afdba29b38d5efd896955222bb047a6
30f530395c41bbcf7d7ef43da081040d8a7255fb5a4bc65a0e95b145abb9e0d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/js/main/jquery-migrate.min.v1685929695.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:15 GMT
ETag: "a4357-2b5f-5fd58189c9faa"
Accept-Ranges: bytes
Content-Length: 11103
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/custom/css/plugins.v1685929582.css

43.228.129.36

200 OK

296 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/css/plugins.v1685929582.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
ASCII text, with very long lines (53268), with CRLF line terminators
Size
296 kB (296100 bytes)
Hash
aea47b6ff0c51490c5463fa8e9c04cd4
d2d53869fa207181fa3ae60c5e6f227a906711c3
6c6449ae2e954d12968141a5b8997a58ed62876a77b1796043a0d4b7ba2a6c63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/css/plugins.v1685929582.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:22 GMT
ETag: "2bd73-484a4-5fd5811dfc7e6"
Accept-Ranges: bytes
Content-Length: 296100
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/core/js/main/jquery.min.v1685929695.js

43.228.129.36

200 OK

90 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/js/main/jquery.min.v1685929695.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89500 bytes)
Hash
7c14a783dfeb3d238ccd3edd840d82ee
ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/js/main/jquery.min.v1685929695.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:15 GMT
ETag: "a4354-15d9c-5fd58189c97da"
Accept-Ranges: bytes
Content-Length: 89500
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/core/css/core.v1685929686.css

43.228.129.36

200 OK

561 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/css/core.v1685929686.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size
561 kB (561174 bytes)
Hash
d4e76a9b9093d14e83680d896b8143f8
1299f354a941fb0ed05865d0840b14d86c71abb5
e6f8940a7c134b2c7d45eb063f8d80ddc972a0b87ebfe1311318196473b6958d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/css/core.v1685929686.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:56 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:06 GMT
ETag: "a35da-89016-5fd5818188ac6"
Accept-Ranges: bytes
Content-Length: 561174
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:56 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/custom/pages/scripts/login.v1685929527.js

43.228.129.36

200 OK

4.3 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/pages/scripts/login.v1685929527.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
4.3 kB (4290 bytes)
Hash
17ed94661ce1b698816f4d1cf00dc460
9925737e7dd301c08ec4953ad6e7968fab5a3e01
76f6f295864075543c926ce0cc30ecad3e073ad3be464366b50eb3c2c926cd9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/pages/scripts/login.v1685929527.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:45:27 GMT
ETag: "27641-10c2-5fd580e9b1220"
Accept-Ranges: bytes
Content-Length: 4290
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/core/js/main/bootstrap.bundle.min.v1685929695.js

43.228.129.36

200 OK

79 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/js/main/bootstrap.bundle.min.v1685929695.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, ASCII text, with very long lines (65297)
Size
79 kB (78586 bytes)
Hash
6c9e58bd75de51ae8c63cd00802b5dd5
3cb4f090a2cb698eab3fe2cb7ddbe744a4088264
f0e3f4cdc282dc2223fa74f47f49bf78cf0d5ead8b667f6c431e390a2abd1c19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/js/main/bootstrap.bundle.min.v1685929695.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:15 GMT
ETag: "a4356-132fa-5fd58189c9bc2"
Accept-Ranges: bytes
Content-Length: 78586
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/core/icon/custom-icon/iconfont.css

43.228.129.36

200 OK

9.6 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/icon/custom-icon/iconfont.css
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
ASCII text, with CRLF, LF line terminators
Size
9.6 kB (9629 bytes)
Hash
9aa7141ca4a3ece88c19cfc870483cf6
1955e032fecc8ca2a018d55fc0dc7f8423e46e47
abdb2520fe0a823deb36234654012bc459a80afc3e9375636a4f11fbaca18081

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/icon/custom-icon/iconfont.css HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/assets/core/icon/icomoon/styles.v1685929687.css
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:06 GMT
ETag: "a35f4-259d-5fd58181a5b9f"
Accept-Ranges: bytes
Content-Length: 9629
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/css

43.228.129.36/assets/core/js/plugins/extensions/jquery-ui/jquery-ui.min.js

43.228.129.36

200 OK

254 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/js/plugins/extensions/jquery-ui/jquery-ui.min.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, ASCII text, with very long lines (32074)
Size
254 kB (253656 bytes)
Hash
fee51864be5fe2de8447bbefbd97762b
7dcbdbf3f06292e5fa315d8ee66c9fd07a819d12
d23d23f1e6a2bf832f3ee9049d12b64567c47e6794d5055af5c58b09029bc201

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/js/plugins/extensions/jquery-ui/jquery-ui.min.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:10 GMT
ETag: "a3b07-3ded8-5fd581853a3db"
Accept-Ranges: bytes
Content-Length: 253656
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/core/js/main/common.v1685929695.js

43.228.129.36

200 OK

30 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/js/main/common.v1685929695.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (473)
Size
30 kB (29466 bytes)
Hash
06c18c9a6fc53c2ddca958513b204860
34d505d8686cf4121868c471e9c8d66bc178788a
18b2019193a1b0bff16c70a7478d597b091a5ed95bc032eca27cf4970fff84f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/js/main/common.v1685929695.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:15 GMT
ETag: "a4358-731a-5fd58189ca392"
Accept-Ranges: bytes
Content-Length: 29466
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/custom/js/core.v1685929586.js

43.228.129.36

200 OK

244 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/js/core.v1685929586.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (334), with CRLF line terminators
Size
244 kB (244172 bytes)
Hash
6946fcd18baec802b2dafcd38a36ce5d
0ade93e0391ec2cff83232fb821fea53e8ed119b
966991e33a4ec649672dfa188bd53d9c9f526f0b7f51069ac604450c04eac8e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/js/core.v1685929586.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:26 GMT
ETag: "2c473-3b9cc-5fd58121ce884"
Accept-Ranges: bytes
Content-Length: 244172
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/custom/js/plugins.min.v1685929586.js

43.228.129.36

200 OK

1.5 MB

URL GET HTTP/1.1
43.228.129.36/assets/custom/js/plugins.min.v1685929586.js
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (24463)
Size
1.5 MB (1533811 bytes)
Hash
80b9927a7034e2dd6278d978b1fa74e4
428871b97a32dae285a291ed5cd2324ebbbd2487
e2d5974a1b59c13ebf1c64f13edd6db9feb3d3d60b48b6e0a42d9da1b317ae7e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/js/plugins.min.v1685929586.js HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:26 GMT
ETag: "2c494-176773-5fd58121e05ad"
Accept-Ranges: bytes
Content-Length: 1533811
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:57 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/javascript

43.228.129.36/assets/custom/img/veritech_logo.png

43.228.129.36

200 OK

19 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/img/veritech_logo.png
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
PNG image data, 300 x 87, 8-bit/color RGBA, non-interlaced
Size
19 kB (18659 bytes)
Hash
5d46008f1fffce142aca0a571de8a9b2
857f7cbc441083498190375c6070f305216ac234
e7bf1daefc29c7484e70f94c64c9336c6a5be936a2766f804468090acf884755

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/img/veritech_logo.png HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:26 GMT
ETag: "2c439-48e3-5fd58121b4a73"
Accept-Ranges: bytes
Content-Length: 18659
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:58 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

43.228.129.36/assets/custom/img/favicon.png

43.228.129.36

200 OK

4.7 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/img/favicon.png
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
4.7 kB (4734 bytes)
Hash
4e853fd1ed405080b0821a1d6e4b500f
d146d04cc8e434563b67d8ee0f8742a4d3f1dc97
352287da75a037ba42032fa4f1bb51dec0f498c3a8d6e768f46b50bce446c3e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/img/favicon.png HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:25 GMT
ETag: "2c24c-127e-5fd58120cb020"
Accept-Ranges: bytes
Content-Length: 4734
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:59 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

43.228.129.36/assets/custom/img/background/erp-login-left.jpg?v=1

43.228.129.36

200 OK

393 kB

URL GET HTTP/1.1
43.228.129.36/assets/custom/img/background/erp-login-left.jpg?v=1
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2019:09:10 11:38:13], progressive, precision 8, 1340x1080, components 3
Size
393 kB (392559 bytes)
Hash
830690a9d05fb38bb41f723bbb4fe045
75be27ea066dde8df3aec8b41f7def9467ab0eee
0be871993de88acd344e995499043125a38e2849fa9b46864f027794c43289bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/custom/img/background/erp-login-left.jpg?v=1 HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/login
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:46:25 GMT
ETag: "2c266-5fd6f-5fd58120d7758"
Accept-Ranges: bytes
Content-Length: 392559
Cache-Control: max-age=2419200, public
Expires: Fri, 07 Jun 2024 12:12:58 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

43.228.129.36/assets/core/icon/icomoon/fonts/icomoon.woff?3p0rtw

43.228.129.36

200 OK

218 kB

URL GET HTTP/1.1
43.228.129.36/assets/core/icon/icomoon/fonts/icomoon.woff?3p0rtw
IP
43.228.129.36:80
ASN
#17882 UNIVISION LLC

Requested by
http://43.228.129.36/login

File type
Web Open Font Format, TrueType, length 218304, version 1.0
Size
218 kB (218304 bytes)
Hash
c068d37f3b072da2ecefcf5369f219ad
28fabad2e00495d0a7690b99908003bb6d2cc988
657d012c7e3e3bb465f0c70f6088d9844a36835dd74ff9756bac4c78c853b1b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/core/icon/icomoon/fonts/icomoon.woff?3p0rtw HTTP/1.1
Host: 43.228.129.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://43.228.129.36/assets/core/icon/icomoon/styles.v1685929687.css
Cookie: 308d8a96ad35217441f7addbd9af236a=o1pkiqbs5e198673mjh27g95q3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 12:12:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 05 Jun 2023 01:48:06 GMT
ETag: "a3609-354c0-5fd58181c1509"
Accept-Ranges: bytes
Content-Length: 218304
Cache-Control: max-age=2419200
Expires: Fri, 07 Jun 2024 12:12:59 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/plain; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML