199.26.98.228 200 OK 826 B URL User Request POST HTTP/1.1 IP 199.26.98.228:80
File type HTML document, Unicode text, UTF-8 text
Hash 8e5f334302c5039365f1bfd5ed92fafc
4d401c8f7aa4edc4fffd46cfb1fad215a063be45
ac458994252c99f87591d0d697bc87daeb1dd983d5b394978ed4756cd5dbb8e5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:05 GMT
Server: Apache
Expires: Sun, 05 May 2024 22:18:05 GMT
Pragma: cache
Cache-Control: max-age=86400
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 826
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228 200 OK 36 kB URL User Request POST HTTP/1.1 IP 199.26.98.228:80
File type HTML document, ASCII text, with very long lines (859)
Hash 52eeb93c9a31431e09b126351bd24238
477fba2c7ae30cc4d274ea4ec77b677882dc89a8
ec2b2a4cb628481579e2aa0492b7d5afe18ba7b11b2dbde2056df719c4fd3d5d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST / HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 11
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:06 GMT
Server: Apache
Expires: Sun, 05 May 2024 22:18:06 GMT
Pragma: cache
Cache-Control: max-age=86400
Set-Cookie: cu=Tg; expires=Sun, 05-May-2024 22:18:06 GMT; Max-Age=86400; path=/; domain=199.26.98.228
Set-Cookie: cuipv6=Tg; expires=Sun, 05-May-2024 22:18:06 GMT; Max-Age=86400; path=/; domain=199.26.98.228
Set-Cookie: ipv6=Tg; expires=Sun, 05-May-2024 22:18:06 GMT; Max-Age=86400; path=/; domain=199.26.98.228
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 35576
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228/images/icon_nobet.svg?v0419
199.26.98.228 200 OK 1.4 kB URL GET HTTP/1.1 199.26.98.228/images/icon_nobet.svg?v0419
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash 56cd5228fcab1c6d3d4caba965015d09
bf2b39c1a38086027f3eac35bd13dc77bcac230d
39dbe497e152a3f9efc28d129ce6ecd77d8c323a6d613a58456e9f19b4b6876f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_nobet.svg?v0419 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=Tg; cuipv6=Tg; ipv6=Tg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:07 GMT
Server: Apache
Last-Modified: Thu, 18 Apr 2024 04:49:07 GMT
Accept-Ranges: bytes
Content-Length: 1439
Connection: close
Content-Type: image/svg+xml
199.26.98.228/images/icon_load.svg
199.26.98.228 200 OK 1.4 kB URL GET HTTP/1.1 199.26.98.228/images/icon_load.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash ae595c05f1d8dca015c7fb8d93e1b6a3
b95a55590e49cf6c8f51b9449db480fa7084ade5
5266f016b2ad863907369ef544379393f8668ba47860ba28fb11aa4b64a13ea6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_load.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=Tg; cuipv6=Tg; ipv6=Tg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:07 GMT
Server: Apache
Last-Modified: Thu, 17 Jun 2021 08:46:42 GMT
Accept-Ranges: bytes
Content-Length: 1377
Connection: close
Content-Type: image/svg+xml
199.26.98.228/favicon.ico
199.26.98.228 404 Not Found 15 B URL GET HTTP/1.1 199.26.98.228/favicon.ico
IP 199.26.98.228:80
File type ASCII text, with no line terminators
Hash 1150a96d5130b70d7974a94ade917def
bfe2acc9cdfba23a8c6441eeb37fadf92621f064
c861f41d41a86762c5118a7c96d742c4fad754bacabf107a53395054eeebd133
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=Tg; cuipv6=Tg; ipv6=Tg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 04 May 2024 22:18:07 GMT
Server: Apache
Content-Length: 15
Connection: close
Content-Type: text/html; charset=iso-8859-1
199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 241 B URL POST HTTP/1.1 199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type XML 1.0 document, ASCII text, with very long lines (436), with no line terminators
Hash 6621365e7f320e0794753482df5d02ec
0b1e4c16d30b601a651c5c51e0f8a999890e9155
87f186840d9f7dfc60df34f006a23118fd5b3673a338b3353fa76a4b5d5b9a17
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /transform.php?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 63
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 241
Connection: close
Content-Type: text/xml;charset=UTF-8
199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 4.4 kB URL POST HTTP/1.1 199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type HTML document, Unicode text, UTF-8 text, with very long lines (561)
Hash d3576fcbb41218599b08527eb355fc0b
160282b85c2d8bfd0fef809e3afa1b8501cb373b
83daa148cd73836e3e365896acffa429553ed25f8f892f391235c313f99e6489
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /transform.php?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 62
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4416
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 1.3 kB URL POST HTTP/1.1 199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type HTML document, Unicode text, UTF-8 text, with very long lines (527)
Hash 43ba8d1269420b4c03f9789c883e7094
a7108735d3112e7c1f318cbd7de70e85642fa039
2166007659166360a4a0ec4a869adfc1c7ecda43c30584caf5a0baf048d4a6cc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /transform.php?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 63
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1264
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228/style/popup.css?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 5.2 kB URL GET HTTP/1.1 199.26.98.228/style/popup.css?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
Hash 921a36aae2287b2db039c32335dfe7de
6f72da9c943ba05ccc00caba5ae39c2e41574d63
5dd71563a9596d3a922f221e80954ea6d70a5139c5bf70b353d25df02a55cac0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /style/popup.css?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:09 GMT
Server: Apache
Last-Modified: Thu, 26 Oct 2023 05:12:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=28800
Expires: Sun, 05 May 2024 06:18:09 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5187
Connection: close
Content-Type: text/css
199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 21 kB URL POST HTTP/1.1 199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type HTML document, ASCII text, with very long lines (603)
Hash 02070cd2d135ec2af5ec692468885ade
7c6defa29189620dc507aaf7cda8e7b12282150a
039c73ae72cc53a7bbd4fd178b82aea2208297dc17f587e8921ec3f7d45661fd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /transform.php?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 58
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20922
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 22 kB URL POST HTTP/1.1 199.26.98.228/transform.php?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type HTML document, ASCII text, with very long lines (3995)
Hash 2581b9a6e5477e3d57f5ce9679ca3237
64ab760f831bc7e1b069b7338f04503b0d94e5ba
56941485e95cc6a7012427e17e787aaddab03ebfbd447126491691c9d0dbf50e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /transform.php?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 61
Origin: http://199.26.98.228
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22135
Connection: close
Content-Type: text/html; charset=UTF-8
199.26.98.228/images/icon_check.svg
199.26.98.228 200 OK 339 B URL GET HTTP/1.1 199.26.98.228/images/icon_check.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash ad163156d452ad98fef062252be92f9d
4fa6a83b8fcd5ed5a3f1f2a2b1c2ef703eda2bdd
7f4f49c9f6c83e953273c3447c29ef73ce092f10085b432ef927de23bbf85ad2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_check.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/popup.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:09 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 05:28:16 GMT
Accept-Ranges: bytes
Content-Length: 339
Connection: close
Content-Type: image/svg+xml
199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
199.26.98.228 200 OK 6.7 kB URL GET HTTP/1.1 199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
IP 199.26.98.228:80
File type assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Hash bc2c4468739ab453747df53ed7f54232
6242b75bc4f5cc3af843dc91a22ccc2a2127ebe2
b2873e18ed51e4166cf43368d1a91f92fa42a2b72293116c442f2d57279c8b82
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /style/login.css?ver=2024-04-25-helpIP_11 HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:09 GMT
Server: Apache
Last-Modified: Tue, 19 Mar 2024 09:35:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=28800
Expires: Sun, 05 May 2024 06:18:09 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6693
Connection: close
Content-Type: text/css
199.26.98.228/images/icon_close_b.svg
199.26.98.228 200 OK 349 B URL GET HTTP/1.1 199.26.98.228/images/icon_close_b.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash ff79997be19c2c9bfe626f4c8ed180b2
720dd8da65275ba0547f9cbc9f1f991df1d53250
b9ab275846d4f4dd42d6fdbdc11587cd423ae4fcb9bf26397850de1448448ffa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_close_b.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:09 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 05:28:10 GMT
Accept-Ranges: bytes
Content-Length: 349
Connection: close
Content-Type: image/svg+xml
199.26.98.228/images/icon_chrome.svg
199.26.98.228 200 OK 1.7 kB URL GET HTTP/1.1 199.26.98.228/images/icon_chrome.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash d2482c3c84188ee60e157cd5fa5e5316
0e5bff742b6444dd15b007f74268c581d3a454db
bd5f81ff4ab1482fb706f4fc2fd0010f9509c6ee79b94bacd3bf0d9350278744
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_chrome.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 05:28:15 GMT
Accept-Ranges: bytes
Content-Length: 1660
Connection: close
Content-Type: image/svg+xml
199.26.98.228/images/icon_safari.svg
199.26.98.228 200 OK 2.9 kB URL GET HTTP/1.1 199.26.98.228/images/icon_safari.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash 341f0a46201423b61b1ddd8af3683209
f1c08d48ed1bcbbf85031e2e73d2585958834e54
d2be752900be89624538092ed57707fa093e396727b39f417b47adbce50a0b28
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_safari.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 05:28:15 GMT
Accept-Ranges: bytes
Content-Length: 2936
Connection: close
Content-Type: image/svg+xml
199.26.98.228/images/icon_firefox.svg
199.26.98.228 200 OK 4.3 kB URL GET HTTP/1.1 199.26.98.228/images/icon_firefox.svg
IP 199.26.98.228:80
File type SVG Scalable Vector Graphics image
Hash 88e9af7a9aa4d196dc774133cd5fc174
dbf30ebf5b8464fb4a69be8e3215694526572c20
441bc9cfd8151ae4780cec1d7d36c077de61684e855b19404f510bf3f87fb838
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/icon_firefox.svg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Thu, 09 Sep 2021 04:03:26 GMT
Accept-Ranges: bytes
Content-Length: 4313
Connection: close
Content-Type: image/svg+xml
sbc.ry00000.com/iovation/vindex.html?webProtocal=http&webDomain=199.26.98.228
123.108.119.27 200 OK 181 B URL GET HTTP/1.1 sbc.ry00000.com/iovation/vindex.html?webProtocal=http&webDomain=199.26.98.228
IP 123.108.119.27:80
File type HTML document, ASCII text
Hash bc2ec16b42d99ffd423bad5ce26121c1
68c6606690a93721acd3b46d2f673431f2619a9f
440a9dcfebe09f3d6487d4e74686a502890cc20744eda993be67c8693a26d13d
GET /iovation/vindex.html?webProtocal=http&webDomain=199.26.98.228 HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Tue, 06 Nov 2018 11:02:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 181
Connection: close
Content-Type: text/html; charset=utf-8
199.26.98.228/images/img_ip_en.jpg
199.26.98.228 200 OK 32 kB URL GET HTTP/1.1 199.26.98.228/images/img_ip_en.jpg
IP 199.26.98.228:80
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x156, components 3
Hash dea5479b7bded4b8994d1f91fd4ae077
3bfeb6a0d7bf0c4c5c21836e90680242d1b2e09a
a704485edaf8ea20947764b8cc4436e1c219a8a85a651d9c23213c92f1cf9c7c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/img_ip_en.jpg HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/style/login.css?ver=2024-04-25-helpIP_11
Cookie: cu=VGc=; cuipv6=VGc=; ipv6=VGc=; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 06:08:35 GMT
Accept-Ranges: bytes
Content-Length: 32169
Cache-Control: max-age=28800
Expires: Sun, 05 May 2024 06:18:10 GMT
Connection: close
Content-Type: image/jpeg
sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
123.108.119.27 200 OK 791 B URL GET HTTP/1.1 sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
IP 123.108.119.27:80
File type HTML document, Unicode text, UTF-8 text
Hash e16fa1a41496d0fed06eee9f15fd7f1b
7687187795a48948cd722bf1cd231c57b89a8dab
ce5d177a01f8de6ce43f6a9a8bd2809121be4c8b6764c5dfc565d0765bf4bbfa
GET /iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228 HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/vindex.html?webProtocal=http&webDomain=199.26.98.228
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:10 GMT
Server: Apache
Last-Modified: Thu, 01 Nov 2018 08:31:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 791
Connection: close
Content-Type: text/html; charset=utf-8
sbc.ry00000.com/iovation/iovatio_config.js
123.108.119.27 363 B URL sbc.ry00000.com/iovation/iovatio_config.js
IP 123.108.119.27:0
File type ASCII text, with CRLF line terminators
Hash 10b0c63deb21f6203c8b3d817fe3b1e9
a465f374d44c41631fc3dd6ab2e4d39b1d585ef8
84c09ce950e93923648e1320b1f589743e745949dda067f0391a25e4a904544e
GET /iovation/iovatio_config.js HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:11 GMT
Server: Apache
Last-Modified: Wed, 31 Mar 2021 02:44:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 363
Connection: close
Content-Type: application/javascript
sbc.ry00000.com/iovation/iovatio_loader.js
123.108.119.27 1.6 kB URL sbc.ry00000.com/iovation/iovatio_loader.js
IP 123.108.119.27:0
File type JavaScript source, ASCII text, with very long lines (530), with CRLF line terminators
Hash 2a7b8c56a5ca2fb69a0ad0f6263861f1
fe048827a3b7c93e2861c1d1fe2ffa561a2c5e7f
890bd1842b0566ec4b18ea6380f4fc6ee2ad7a8affc6edf36d529c54c1b8486b
GET /iovation/iovatio_loader.js HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:11 GMT
Server: Apache
Last-Modified: Thu, 27 Sep 2018 06:27:44 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1563
Connection: close
Content-Type: application/javascript
mpsnare.iesnare.com/general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
54.195.39.4 19 kB URL mpsnare.iesnare.com/general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
IP 54.195.39.4:0
File type JavaScript source, ASCII text, with very long lines (1082)
Hash 51cf2eee720808530c580c6d8110f24f
2fdd586e846a578d8367db79c96e0b5e63ce468b
c4735d7c67460bc0d303241e5a6a0c0d6984423cfd1ad5869dc9583d2916b73a
GET /general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 22:18:11 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=GAbw7DPG5VPyAuqT+e1LBMLhF2aR2WvXegIxZGpKTKQ=;Path=/;Expires=Sun, 04-May-2025 22:18:11 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Accept-CH: Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
mpsnare.iesnare.com/star
54.195.39.4 0 B IP 54.195.39.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /star HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://sbc.ry00000.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aicj4QOjbjSn55zSSBjc7w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sat, 04 May 2024 22:18:12 GMT
Connection: upgrade
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Accept: ElJLjyOdc8lE+OA2ZZcJgz/ancE=
Upgrade: WebSocket
mpsnare.iesnare.com/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js
54.195.39.4 420 B URL mpsnare.iesnare.com/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js
IP 54.195.39.4:0
File type JavaScript source, ASCII text, with very long lines (377)
Hash 845a52aba6a35280bd18de49972a2994
772dfd0e4cfd011a83aa26190d74df8635473fad
b74815ccbdfe933cb29fda01666d80cf4e983da476c4e70d77be89844e36d7e2
GET /5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 22:18:12 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Sun, 04 May 2025 22:18:12 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
mpsnare.iesnare.com/time.mp3?nocache=0.10336443994774702
54.195.39.4 504 B URL mpsnare.iesnare.com/time.mp3?nocache=0.10336443994774702
IP 54.195.39.4:0
File type MPEG ADTS, layer III, v2.5, 32 kbps, 8 kHz, JntStereo
Hash cfe47da3367b896cf8fe9d23144e6294
5eb28e56c71ce7e851b99b4d90b4091e3090243a
2857eb76b4850703192f5d42bc145b2384147fcb65f63b5447ed74664e241507
GET /time.mp3?nocache=0.10336443994774702 HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 04 May 2024 22:18:12 GMT
Content-Type: audio/mpeg
Content-Length: 504
Connection: keep-alive
Content-Disposition: inline; filename=time.mp3
Content-Range: bytes 0-503/504
Accept-Ranges: bytes
Pragma: public
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
sbc.ry00000.com/iojs/general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
123.108.119.27 16 kB URL sbc.ry00000.com/iojs/general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
IP 123.108.119.27:0
File type JavaScript source, ASCII text, with very long lines (761)
Hash 8960f94ea2082983640a8e5597fcc56a
23530ac15b77e791aac405224137fa728eb28561
7bdfd46cdac7d6e9a54b7e63d8c43cce2a82269cc72c3a2cb471eab955240a5b
GET /iojs/general5/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:12 GMT
Server: Apache
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 03 Jun 2024 22:18:12 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked
mpsnare.iesnare.com/star
54.195.39.4 0 B IP 54.195.39.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /star HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://sbc.ry00000.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UwNgce+D8Pf1gqrU7bmXHw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sat, 04 May 2024 22:18:12 GMT
Connection: upgrade
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Accept: GkbbiWIqcZ8FsLtU7CXN/OgEU3Q=
Upgrade: WebSocket
mpsnare.iesnare.com/time.mp3?nocache=0.7670159239774025
54.195.39.4 504 B URL mpsnare.iesnare.com/time.mp3?nocache=0.7670159239774025
IP 54.195.39.4:0
File type MPEG ADTS, layer III, v2.5, 32 kbps, 8 kHz, JntStereo
Hash cfe47da3367b896cf8fe9d23144e6294
5eb28e56c71ce7e851b99b4d90b4091e3090243a
2857eb76b4850703192f5d42bc145b2384147fcb65f63b5447ed74664e241507
GET /time.mp3?nocache=0.7670159239774025 HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 04 May 2024 22:18:12 GMT
Content-Type: audio/mpeg
Content-Length: 504
Connection: keep-alive
Content-Disposition: inline; filename=time.mp3
Content-Range: bytes 0-503/504
Accept-Ranges: bytes
Pragma: public
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
sbc.ry00000.com/iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/dyn_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
123.108.119.27 1.4 kB URL sbc.ry00000.com/iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/dyn_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
IP 123.108.119.27:0
File type JavaScript source, ASCII text, with very long lines (1011)
Hash 2aa2bce3f346838b1a0164c078598829
70b2d76b4bba8579e595c6190b2d235c82d53ba3
bba4cc1bd0375ac3c95d323d64501cab4b4f72ff296d58157eb83476ad7013f0
GET /iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/dyn_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: 2024-May-04 22:18:13
Server: Apache
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Content-Type: text/javascript; charset=utf-8
Accept-CH: Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1402
Set-Cookie: fp_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=okVZZesVNRw5VBDUhJGrqrBficU4tiC5NLXQ+HHmc6Q=;Path=/;Expires=Sun, 04-May-2025 22:18:13 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Connection: close
sbc.ry00000.com/iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js
123.108.119.27 420 B URL sbc.ry00000.com/iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js
IP 123.108.119.27:0
File type JavaScript source, ASCII text, with very long lines (377)
Hash 89770bfcaf5937bd6e3da22cdf0d0853
a1eeeaa53a9de8a20c5d604e3a3d260db0bda1f9
2f1cb76806225dd378c9e0981a369e002648b8ed9e7a274413fde2f9e4c423f9
GET /iojs/5.7.0/gOJj1DVg9JYg8QP1lpT_aivr5mCIwdjBL40uSfiwFU8/logo.js HTTP/1.1
Host: sbc.ry00000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/iovation/iovation.html?webProtocal=http&webDomain=199.26.98.228
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:13 GMT
Server: Apache
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Content-Type: text/javascript; charset=utf-8
Expires: Sun, 04 May 2025 22:18:13 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 420
Connection: close
199.26.98.228/iovation/vindex.php
199.26.98.228 4.3 kB URL 199.26.98.228/iovation/vindex.php
IP 199.26.98.228:0
File type HTML document, ASCII text, with very long lines (5502)
Hash 5a90c0abbae15a86fec4436c4cbb7212
a2d7bc78316880e91aaa3ef3068e3828b518b37b
c31e8170c88aeabd34f321e436073f617808f249aaf90d92a324d3c6c59cb389
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /iovation/vindex.php HTTP/1.1
Host: 199.26.98.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 5810
Origin: http://sbc.ry00000.com
DNT: 1
Connection: keep-alive
Referer: http://sbc.ry00000.com/
Cookie: cu=Tg==; cuipv6=Tg==; ipv6=Tg==; CookieChk=WQ==; protocolstr=aHR0cA==; loadBB=WQ==
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 22:18:14 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4252
Connection: close
Content-Type: text/html; charset=UTF-8
cuv6.niab12345.com/transform.php?p=loadDomain&type=cuipv6&ver=1457748
0.0.0.0 0 B URL GET cuv6.niab12345.com/transform.php?p=loadDomain&type=cuipv6&ver=1457748
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /transform.php?p=loadDomain&type=cuipv6&ver=1457748 HTTP/1.1
Host: cuv6.niab12345.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
p1v6.niab12345.com/transform.php?p=loadDomain&type=ipv6&ver=2944435
0.0.0.0 0 B URL GET p1v6.niab12345.com/transform.php?p=loadDomain&type=ipv6&ver=2944435
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /transform.php?p=loadDomain&type=ipv6&ver=2944435 HTTP/1.1
Host: p1v6.niab12345.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
scu.niab12345.com/transform.php?p=loadDomain&type=cu&ver=660990
0.0.0.0 0 B URL GET scu.niab12345.com/transform.php?p=loadDomain&type=cu&ver=660990
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /transform.php?p=loadDomain&type=cu&ver=660990 HTTP/1.1
Host: scu.niab12345.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://199.26.98.228/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache