Request: 117.248.104.80 | 33 kB
IP: 117.248.104.80:0  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with very long lines (1314), with CRLF, NEL line terminators
Hash: MD5 61789447e3d784235911598524893912 | SHA-1 cbfbc6b41c33ac840b3cf96cd5fb01611f0ec577 | SHA-256 d1db28e1758083ee9d9b0982d46e556944cac399aa244d5e367023af7eb34812
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCQSRBTCD=PDMJOABCDFLBNEIKLGMJHDCA; path=/
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:51 GMT
Content-Length: 32761

Request: 117.248.104.80 | 33 kB
IP: 117.248.104.80:0  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with very long lines (1314), with CRLF, NEL line terminators
Hash: MD5 61789447e3d784235911598524893912 | SHA-1 cbfbc6b41c33ac840b3cf96cd5fb01611f0ec577 | SHA-256 d1db28e1758083ee9d9b0982d46e556944cac399aa244d5e367023af7eb34812
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB; path=/
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 32761

Request: apis.google.com/js/api:client.js | 142.250.74.110 | 200 OK | 5.9 kB
URL: GET HTTP/2 apis.google.com/js/api:client.js
IP: 142.250.74.110:443
Certificate: Issuer: Google Trust Services LLC | Subject: *.apis.google.com | Fingerprint: A2:59:20:19:C5:59:93:57:6E:20:C4:F9:82:FE:17:0C:78:A8:1E:8C | Validity: Mon, 08 Apr 2024 07:34:09 GMT - Mon, 01 Jul 2024 07:34:08 GMT
File type: JavaScript source, ASCII text, with very long lines (2054)
Hash: MD5 b6a0aa504930249eaf6ee601d0944b8a | SHA-1 ef420f4dc4c06024e97295be6134a908015c7f22 | SHA-256 33d52456caa8c28a6d67b046726b11dfda738ee45372e7aef9abedebe610db22
GET /js/api:client.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 5904
date: Fri, 26 Apr 2024 21:59:53 GMT
expires: Fri, 26 Apr 2024 21:59:53 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "07ffe96d18ebec0f"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Request: fonts.googleapis.com/css?family=Open+Sans | 142.250.74.106 | 200 OK | 1.5 kB
URL: GET HTTP/1.1 fonts.googleapis.com/css?family=Open+Sans
IP: 142.250.74.106:80
File type: ASCII text, with very long lines (1572)
Hash: MD5 8494cb780c29806c002ddd96a62fb89f | SHA-1 60a75db7cd42b4f54484229e5f622f4e78bf3758 | SHA-256 c042a5f128ea9d12107360aa8c1f4c5a8801d4907098715b04baa423349808cc
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 26 Apr 2024 21:59:54 GMT
Date: Fri, 26 Apr 2024 21:59:54 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

Request: upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg | 185.15.59.240 | 404 Not Found | 90 B
URL: GET HTTP/2 upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg
IP: 185.15.59.240:443
Certificate: Issuer: DigiCert Inc | Subject: *.wikipedia.org | Fingerprint: 48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB | Validity: Wed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 1a5ff7436a48d828e979ffb6719cb5ce | SHA-1 da8a5ac72f5c8c150abe65ea6bb0545802a16e10 | SHA-256 7c742e5faf3aa562b9b350c448e1dca69861f591c35acda513e1687dd241f3a4
GET /wikipedia/commons/5/53/Google_%22G%22_Logo.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
content-length: 90
date: Fri, 26 Apr 2024 21:57:33 GMT
server: envoy
age: 140
x-cache: cp3078 miss, cp3078 hit/84
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
X-Firefox-Spdy: h2

Request: 117.248.104.80/css/login_style.css | 117.248.104.80 | 200 OK | 12 kB
URL: GET HTTP/1.1 117.248.104.80/css/login_style.css
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: ASCII text, with CRLF line terminators
Hash: MD5 51d1b5d9c811bf95bd3a5d8af0957b56 | SHA-1 db5de30e808555055ff663319527bb361009df68 | SHA-256 513989c140fe856b6941cd3d1a8e8fa2493026f251288c719fc574912861e1df
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/login_style.css HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 02 Aug 2023 07:34:55 GMT
Accept-Ranges: bytes
ETag: "de665fd513c5d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 11716

Request: 117.248.104.80/ASPXMVC/Scripts/infour_c.js | 117.248.104.80 | 200 OK | 35 kB
URL: GET HTTP/1.1 117.248.104.80/ASPXMVC/Scripts/infour_c.js
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (38663), with CRLF line terminators
Hash: MD5 76bad4b4b1e7f951ac1e67a9e8f073a4 | SHA-1 066fb48e4ec3b60c1853b2a38cd43ffc256c367c | SHA-256 8c4da81ca671072549bade6de2b0ed8b4a8831c49db2ee274d92abb32431c89a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ASPXMVC/Scripts/infour_c.js HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 08 Sep 2023 10:25:04 GMT
Accept-Ranges: bytes
ETag: "0c028bb3ee2d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 35429

Request: 117.248.104.80/JS/JSFunctions.js | 117.248.104.80 | 200 OK | 20 kB
URL: GET HTTP/1.1 117.248.104.80/JS/JSFunctions.js
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash: MD5 0c6fd6391050cc8197518c5aea187093 | SHA-1 61f358860d45f3ca54edd3fc0eb78a2324eb39ee | SHA-256 b75cb634120a4ae72d45789419daab0ee696154150d318fd0789da13d88b21c0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /JS/JSFunctions.js HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 18 Sep 2018 05:05:54 GMT
Accept-Ranges: bytes
ETag: "0a5b446d4fd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 20290

Request: 117.248.104.80/ASPXMVC/Styles/jquery-ui.css | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/ASPXMVC/Styles/jquery-ui.css
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ASPXMVC/Styles/jquery-ui.css HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 1245

Request: 117.248.104.80/ASPXMVC/Scripts/jquery-ui.min.js | 117.248.104.80 | 200 OK | 61 kB
URL: GET HTTP/1.1 117.248.104.80/ASPXMVC/Scripts/jquery-ui.min.js
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: JavaScript source, ASCII text, with very long lines (65535)
Hash: MD5 7851f1ecece88cd01833ebf5c61304d8 | SHA-1 5413540afc2bb158bf140cc1c7b2552dd9fd8acb | SHA-256 16062a8a65a0c39ce77db730eec1d7de85aa75edbfecae5abadc666573a6dfbb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ASPXMVC/Scripts/jquery-ui.min.js HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 05 Sep 2023 13:35:48 GMT
Accept-Ranges: bytes
ETag: "05213e1fddfd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:53 GMT
Content-Length: 61279

Request: 117.248.104.80/images/login/awesome-headset.svg | 117.248.104.80 | 200 OK | 707 B
URL: GET HTTP/1.1 117.248.104.80/images/login/awesome-headset.svg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: SVG Scalable Vector Graphics image
Hash: MD5 28831f287abf76e76621b2576b66d41c | SHA-1 7ead482a8d4a2481d16e439547ed418d1e3bbc7c | SHA-256 5b572a22e8f822542b81c300421d227adb5566042b7c75cc5d541889c3961c52
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/awesome-headset.svg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 29 Mar 2023 06:57:15 GMT
Accept-Ranges: bytes
ETag: "56dcf9b1b62d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 707

Request: 117.248.104.80/images/login/dots.png | 117.248.104.80 | 200 OK | 5.3 kB
URL: GET HTTP/1.1 117.248.104.80/images/login/dots.png
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: PNG image data, 249 x 161, 8-bit/color RGB, non-interlaced
Hash: MD5 0a5547ef0564e97aa2e328acb6a73870 | SHA-1 b86b95cfe61ed686581d3cace30c15e091454abf | SHA-256 beb6b13b76485318ea3e09d7dfa03b303d43a41a5259623245d0f0efe345386f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/dots.png HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 29 Mar 2023 06:57:15 GMT
Accept-Ranges: bytes
ETag: "e8402b2b62d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 5348

Request: 117.248.104.80/images/login/logo_in4SuiteRE.png | 117.248.104.80 | 200 OK | 16 kB
URL: GET HTTP/1.1 117.248.104.80/images/login/logo_in4SuiteRE.png
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: PNG image data, 300 x 142, 8-bit/color RGBA, non-interlaced
Hash: MD5 59c3110c508aaf362e0572a4a63b9c95 | SHA-1 671debdfaec3cca4ddc6e17b2fda8ea1dcc54cf9 | SHA-256 3e94a76dfec0c84d2d109d2ff11caf8d033c0a05bd2f6b9b58d075637eb7af6d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/logo_in4SuiteRE.png HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 06 Apr 2023 13:45:05 GMT
Accept-Ranges: bytes
ETag: "c7da94fe8d68d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 15795

Request: 117.248.104.80/css/SegoeUI.woff2 | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI.woff2
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI.woff2 HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/ASPXMVC/Styles/jquery-ui.css | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/ASPXMVC/Styles/jquery-ui.css
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ASPXMVC/Styles/jquery-ui.css HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg | 185.15.59.240 | 404 Not Found | 90 B
URL: GET HTTP/2 upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg
IP: 185.15.59.240:443
Certificate: Issuer: DigiCert Inc | Subject: *.wikipedia.org | Fingerprint: 48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB | Validity: Wed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 1a5ff7436a48d828e979ffb6719cb5ce | SHA-1 da8a5ac72f5c8c150abe65ea6bb0545802a16e10 | SHA-256 7c742e5faf3aa562b9b350c448e1dca69861f591c35acda513e1687dd241f3a4
GET /wikipedia/commons/5/53/Google_%22G%22_Logo.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
content-length: 90
date: Fri, 26 Apr 2024 21:57:33 GMT
server: envoy
age: 141
x-cache: cp3078 miss, cp3078 hit/85
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
X-Firefox-Spdy: h2

Request: 117.248.104.80/images/client_logo.jpg | 117.248.104.80 | 200 OK | 78 kB
URL: GET HTTP/1.1 117.248.104.80/images/client_logo.jpg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7], baseline, precision 8, 1536x376, components 3
Hash: MD5 cdab02bc9b7866de8d91c8fce0d7dab8 | SHA-1 7fd2e76f56b107e5af04b0bf4598513bb2fe44de | SHA-256 418ec64150b6bee72f95613a06e895a9fba4533c675de80a130bba36996a55fa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/client_logo.jpg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 27 Feb 2020 05:24:39 GMT
Accept-Ranges: bytes
ETag: "56e3f7342eedd51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 78075

Request: 117.248.104.80/css/SegoeUI.woff | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI.woff
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI.woff HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/images/login/awesome-certificate.svg | 117.248.104.80 | 200 OK | 770 B
URL: GET HTTP/1.1 117.248.104.80/images/login/awesome-certificate.svg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: SVG Scalable Vector Graphics image
Hash: MD5 f9cba77d9cbe7627d385d08dfe218acd | SHA-1 97082765f990e5828299325b9f39a1d9920b6014 | SHA-256 8a85effa135ab8974066faab153d2f80a5d6e9be0a00c67f781b5c130f7540d3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/awesome-certificate.svg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 29 Mar 2023 06:57:15 GMT
Accept-Ranges: bytes
ETag: "d64cf3b1b62d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 770

Request: 117.248.104.80/images/login/in4-logo.svg | 117.248.104.80 | 200 OK | 1.9 kB
URL: GET HTTP/1.1 117.248.104.80/images/login/in4-logo.svg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: SVG Scalable Vector Graphics image
Hash: MD5 a8f1f454bc954021c1b895bfeb0d802b | SHA-1 c6f3342220fd4bcba4c45379b4c84b7c92d132ab | SHA-256 30d09f5c28791b97041af1fa947b4f4f62204c8d58cdc95cadd919d65e7712f7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/in4-logo.svg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Content-Encoding: gzip
Last-Modified: Mon, 14 Dec 2020 08:08:20 GMT
Accept-Ranges: bytes
ETag: "032ef48f0d1d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1913

Request: 117.248.104.80/images/login/feather-user.svg | 117.248.104.80 | 200 OK | 567 B
URL: GET HTTP/1.1 117.248.104.80/images/login/feather-user.svg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: SVG Scalable Vector Graphics image
Hash: MD5 88a0e15307a901eeccdc6f850782c3de | SHA-1 4a28019b469fc960c35a58db8cb62804f83235f0 | SHA-256 551e13c092158ab3bc86daa59071a221f02ad4054786c827048486a4f37df2bf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/feather-user.svg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 29 Mar 2023 06:57:15 GMT
Accept-Ranges: bytes
ETag: "40431db2b62d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 567

Request: 117.248.104.80/css/SegoeUI-SemiboldItalic.woff2 | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-SemiboldItalic.woff2
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI-SemiboldItalic.woff2 HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/css/SegoeUI-Bold.woff2 | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-Bold.woff2
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI-Bold.woff2 HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/css/SegoeUI-Semibold.woff2 | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-Semibold.woff2
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI-Semibold.woff2 HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/images/login/feather-lock.svg | 117.248.104.80 | 200 OK | 638 B
URL: GET HTTP/1.1 117.248.104.80/images/login/feather-lock.svg
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: SVG Scalable Vector Graphics image
Hash: MD5 91cec003ae232174c500c767d144a15d | SHA-1 bafc042c446a40e4a5cac2e622db4cdb37384573 | SHA-256 f33a4b1d4f8b678395c405800b3edba279982ea95ace10855c2e3c56d9c5ef4d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/login/feather-lock.svg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 29 Mar 2023 06:57:15 GMT
Accept-Ranges: bytes
ETag: "a9e212b2b62d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 638

Request: 117.248.104.80/css/SegoeUI-SemiboldItalic.woff | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-SemiboldItalic.woff
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI-SemiboldItalic.woff HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245

Request: 117.248.104.80/css/SegoeUI-Bold.woff | 117.248.104.80 | 404 Not Found | 1.2 kB
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-Bold.woff
IP: 117.248.104.80:80  ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 5343c1a8b203c162a3bf3870d9f50fd4 | SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d | SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/SegoeUI-Bold.woff HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245
|
|
| 117.248.104.80/css/SegoeUI-Semibold.woff | 117.248.104.80 | 404 Not Found | 1.2 kB |
URL: GET HTTP/1.1 117.248.104.80/css/SegoeUI-Semibold.woff IP: 117.248.104.80:80 ASN: #9829 National Internet Backbone
File type: HTML document, ASCII text, with CRLF line terminators. Hash (MD5 / SHA-1 / SHA-256): 5343c1a8b203c162a3bf3870d9f50fd4 04b5b886c20d88b57eea6d8ff882624a4ac1e51d dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/SegoeUI-Semibold.woff HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/css/login_style.css
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 1245
|
|
| apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs | 142.250.74.110 | 200 OK | 62 B |
URL: GET HTTP/3 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs IP: 142.250.74.110:443
Certificate: Issuer Google Trust Services LLC; Subject *.google.com; Fingerprint 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1; Validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text. Hash (MD5 / SHA-1 / SHA-256): 9837d62b4d9d445a9518b5dcfccc6486 34f2b6624b39dc150b894e885f224fe6e109d950 27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 62
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:54:13 GMT
expires: Sat, 26 Apr 2025 05:54:13 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 18:15:45 GMT
content-type: text/javascript; charset=UTF-8
age: 57942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs | 142.250.74.110 | 200 OK | 111 kB |
URL: GET HTTP/3 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs IP: 142.250.74.110:443
Certificate: Issuer Google Trust Services LLC; Subject *.google.com; Fingerprint 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1; Validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text, with very long lines (2124). Size: 111 kB (111042 bytes). Hash (MD5 / SHA-1 / SHA-256): 5e1f51f81d8ccc6a9416f2343bb51285 263266f4b4808a8cf944854afde4a8b928336ac9 d7c8cad0d955b575b2210f6acbe90b948313f78b49b1a6b3804615de4e198ac3
GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 111042
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:01:24 GMT
expires: Sat, 26 Apr 2025 06:01:24 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 18:15:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 57511
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 117.248.104.80/images/login/login_bg.jpg | 117.248.104.80 | 200 OK | 638 kB |
URL: GET HTTP/1.1 117.248.104.80/images/login/login_bg.jpg IP: 117.248.104.80:80 ASN: #9829 National Internet Backbone
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1794x1082, components 3. Size: 638 kB (638264 bytes). Hash (MD5 / SHA-1 / SHA-256): 73b31a525303dd5d1cfd85772c2d9169 978df32ee1f8cfddc6aa8e054b5acca8c9b65abd 5893e6e2ef9acb0cc920e063d37ad0848601d5cb098976142b2ca374cc4703f5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/login/login_bg.jpg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 06 Apr 2023 13:45:05 GMT
Accept-Ranges: bytes
ETag: "809cb2fe8d68d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:54 GMT
Content-Length: 638264
|
|
| 117.248.104.80/images/fav-new.jpg | 117.248.104.80 | 200 OK | 579 kB |
URL: GET HTTP/1.1 117.248.104.80/images/fav-new.jpg IP: 117.248.104.80:80 ASN: #9829 National Internet Backbone
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=472, bps=0, PhotometricInterpretation=CMYK, orientation=upper-left, width=472], progressive, precision 8, 100x100, components 4. Size: 579 kB (578819 bytes). Hash (MD5 / SHA-1 / SHA-256): 509a94a5fe418792d1bd3b3e8e9f2851 3929cdb189136521711a2956e293091b68d1c7df 139fd2a1bbf31f4c1ff60187b10a927129072130f0ad1d2cd6d2e07350ffb388
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/fav-new.jpg HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Cookie: ASPSESSIONIDCQSRBTCD=AEMJOABCBCEOAAOIFCBKLALB
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 02 Aug 2023 07:34:58 GMT
Accept-Ranges: bytes
ETag: "46930d713c5d91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 21:59:56 GMT
Content-Length: 578819
|
|
| fonts.googleapis.com/css?family=Roboto | 142.250.74.106 | 200 OK | 2.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto IP: 142.250.74.106:443
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: ASCII text, with very long lines (2218), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 807b0cff287eb02fda9eb3a87e2746a5 34a0af77abd82f106052590a0e624b2803a6572d 35c288796da2ba3b90a7a7ef7e75a5e7eb55cad381d227beda8c5e400a04caff
GET /css?family=Roboto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://117.248.104.80/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 21:59:53 GMT
date: Fri, 26 Apr 2024 21:59:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
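Added triage example (not part of the sandbox report and not the analyzer's own code): a Python script that parses request/response dumps in the layout shown above and emits finding codes for the points an analyst would pull out of these transactions: the ASPSESSIONID cookie set over cleartext HTTP without HttpOnly or Secure, a login page served from a bare IP literal, versioned Server / X-Powered-By banners, and the Google auth2 script pulled cross-site by a page whose Referer is plain http://. The two sample dumps are constructed to mirror the captured exchanges (the cookie value is a placeholder), and the `tls` flag is supplied by the caller from the report's port column (:80 vs :443), since the dump itself does not carry the scheme. The finding names are this script's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample exchanges in the same dump layout the report uses
# (request line, request headers, status line, response headers). They
# mirror the captured transactions; the cookie value is a placeholder.
SAMPLE_IIS = """GET / HTTP/1.1
Host: 117.248.104.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: keep-alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCQSRBTCD=PLACEHOLDERVALUE; path=/
X-Powered-By: ASP.NET
Content-Length: 32761
"""

SAMPLE_GAPI = """GET /_/scs/abc-static/_/js/k=gapi.lb.en/m=auth2/cb=gapi.loaded_1 HTTP/1.1
Host: apis.google.com
Referer: http://117.248.104.80/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/3 200 OK
access-control-allow-origin: *
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: sffe
"""

STATUS_RE = re.compile(r"^HTTP/\S+ (\d{3})\b")
IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")


@dataclass
class Exchange:
    method: str
    path: str
    req: dict = field(default_factory=dict)          # request headers, lower-cased names
    status: int = 0
    resp: dict = field(default_factory=dict)         # response headers, lower-cased names
    set_cookies: list = field(default_factory=list)  # every Set-Cookie value, in order


def parse_exchange(dump: str) -> Exchange:
    """Split one dump into request and response headers; the status line is the boundary."""
    lines = [ln.rstrip("\r") for ln in dump.strip().splitlines() if ln.strip()]
    method, path, _version = lines[0].split(" ", 2)
    ex = Exchange(method, path)
    target = ex.req
    for line in lines[1:]:
        m = STATUS_RE.match(line)
        if m:
            ex.status = int(m.group(1))
            target = ex.resp
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie" and target is ex.resp:
            ex.set_cookies.append(value)  # Set-Cookie may repeat, so keep a list
        else:
            target[name] = value
    return ex


def triage(dump: str, tls: bool) -> list:
    """Return sorted finding codes for one exchange. `tls` comes from the report's
    port column (:443 vs :80) because the dump itself does not carry the scheme."""
    ex = parse_exchange(dump)
    found = set()
    host = ex.req.get("host", "")
    referer = ex.req.get("referer", "")
    if IP_LITERAL.match(host):
        found.add("host-is-ip-literal")  # a login page on a bare IP is a phishing tell
    if not tls and "cookie" in ex.req:
        found.add("cookie-sent-cleartext")
    if not tls and ex.set_cookies:
        found.add("cookie-set-cleartext")
    for cookie in ex.set_cookies:
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            found.add("set-cookie-missing-httponly")
        if "secure" not in attrs:
            found.add("set-cookie-missing-secure")
    if (ex.req.get("sec-fetch-dest") == "script"
            and ex.req.get("sec-fetch-site") == "cross-site"
            and referer.startswith("http://")):
        found.add("third-party-script-from-cleartext-page")  # http page pulling remote JS
    if re.search(r"\d", ex.resp.get("server", "")) or "x-powered-by" in ex.resp:
        found.add("server-banner-disclosure")  # versioned Server or X-Powered-By
    if (ex.resp.get("content-type", "").startswith("text/html")
            and "x-content-type-options" not in ex.resp):
        found.add("missing-x-content-type-options")
    if tls and "strict-transport-security" not in ex.resp:
        found.add("missing-hsts")
    return sorted(found)


if __name__ == "__main__":
    for name, dump, tls in (("iis-root", SAMPLE_IIS, False), ("gapi-auth2", SAMPLE_GAPI, True)):
        print(name, triage(dump, tls))
```

Run as-is it prints the findings for both samples; to apply it to the report, paste each dump from the request line through the last response header and pass `tls=True` for the :443 entries. Findings are codes rather than severities on purpose: the same cleartext-cookie code is a misconfiguration on a legitimate site and corroborating evidence on a page Quad9 already sinkholes.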