{"report_id":"19754f3e-70f2-47b8-ba9a-4ed65148e99a","version":6,"status":"done","tags":["botpanel","malware"],"date":"2025-09-01T23:33:01Z","url":{"schema":"http","addr":"128.199.113.162/panel/index.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"http","addr":"128.199.113.162/panel/Login.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"title":"Authorization"},"submit":{"url":{"schema":"http","addr":"128.199.113.162/panel/index.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-06T23:33:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":2,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T23:32:38Z","timestamp":1756769558,"ip_dst":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.24","port":54036,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2025-09-01T23:32:38.375364+0000\",\"flow_id\":170994141774194,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":54036,\"dest_ip\":\"128.199.113.162\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91436830,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"128.199.113.162\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":54036},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_27\"]}},\"http\":{\"hostname\":\"128.199.113.162\",\"url\":\"/panel/Login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":585},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1736,\"bytes_toclient\":2031,\"start\":\"2025-09-01T23:32:36.344434+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"summary":[{"fqdn":"128.199.113.162","ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2020-06-06T17:21:21Z","last_seen":"2020-07-23T17:19:30Z","alert_count":10,"request_count":7,"received_data":11933,"sent_data":2948,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T23:32:38Z","timestamp":1756769558,"ip_dst":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.24","port":54036,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2025-09-01T23:32:38.375364+0000\",\"flow_id\":170994141774194,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":54036,\"dest_ip\":\"128.199.113.162\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91436830,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"128.199.113.162\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":54036},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_27\"]}},\"http\":{\"hostname\":\"128.199.113.162\",\"url\":\"/panel/Login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":585},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1736,\"bytes_toclient\":2031,\"start\":\"2025-09-01T23:32:36.344434+0000\"}}"}]}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"128.199.113.162/favicon.ico","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://128.199.113.162/panel/index.php","date":"2025-09-01T23:32:36.856Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://128.199.113.162/panel/index.php\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 01 Sep 2025 23:32:36 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 277\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"90cc3178a8d20ca2f335c614bd7e9e01","sha1":"bc16298df99c6ec4863b4816633ee5cb91990e33","sha256":"fa9813bac3f73753d3b939ca58f2817d9f37d3307da1b1579735bcdeb27324db","sha512":"aadd0b2ba8f557259bde70a6ee9685031401d1d7a5e04b175d52c5df01b01df147c867751a09a2f5ae4f7014a903657b48cfbf130b49a3f5a5fd0ef8c4912e41","ssdeep":"","tlshash":"23d02bdf5053a3c74812146039c615c6268d12eab46e85e82e86e487539897edd9a988","first_seen":"2023-09-02T14:17:55Z","last_seen":"2025-11-28T09:56:19.40809Z","times_seen":17,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"128.199.113.162/panel/Login.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T23:32:37.838Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/Login.php HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T13:37:42.960998Z","times_seen":16443968,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T23:32:38Z","timestamp":1756769558,"ip_dst":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.24","port":54036,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2025-09-01T23:32:38.375364+0000\",\"flow_id\":170994141774194,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":54036,\"dest_ip\":\"128.199.113.162\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91436830,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"128.199.113.162\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":54036},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_27\"]}},\"http\":{\"hostname\":\"128.199.113.162\",\"url\":\"/panel/Login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":585},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1736,\"bytes_toclient\":2031,\"start\":\"2025-09-01T23:32:36.344434+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"128.199.113.162/panel/Login.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T23:32:38.192Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/Login.php HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Sep 2025 23:32:38 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 585\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2984,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"b7c1293fe027f71ac7d7afb6d7d91824","sha1":"b4a6ac9871edf08cd1221df6820ca7915a0919fa","sha256":"dce10737d7cef41ad3722b9e117d740ccbf3c2a8feef6e49bb033227b0b01a15","sha512":"3ec2b111923c58777fd37467b1bc12f5f77892b2d4674b2debc0774119f029a30af63765ae6f94ad46dd24fc33c3933b6f271842589b300a5facdc2ad3d6fcd1","ssdeep":"","tlshash":"5551366259c1fa1541339224cbd16e94efe3803783072990794f77af1fbdd40caa7a68","first_seen":"2025-08-06T17:00:45.867117Z","last_seen":"2025-11-28T09:56:19.409984Z","times_seen":9,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T23:32:38Z","timestamp":1756769558,"ip_dst":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.24","port":54036,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2025-09-01T23:32:38.375364+0000\",\"flow_id\":170994141774194,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":54036,\"dest_ip\":\"128.199.113.162\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91436830,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"128.199.113.162\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":54036},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_27\"]}},\"http\":{\"hostname\":\"128.199.113.162\",\"url\":\"/panel/Login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":585},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1736,\"bytes_toclient\":2031,\"start\":\"2025-09-01T23:32:36.344434+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"128.199.113.162/panel/Css/Style.css","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://128.199.113.162/panel/Login.php","date":"2025-09-01T23:32:38.411Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/Css/Style.css HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://128.199.113.162/panel/Login.php\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Sep 2025 23:32:38 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Fri, 15 Apr 2022 13:42:45 GMT\r\nETag: \"1829-5dcb195e5e793-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1408\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":6185,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"0459c6863d3082ea6f20e0a063d13d51","sha1":"fad1f4f88f86a96c4ab231b59ee8c0317c459b11","sha256":"83c2dc15d1b5cace5d2fd5f87a89fdf0c727bdd7859ce973caf3c4f5f4abe0df","sha512":"4f8dabfec3f2e84fe31f5593872380cd44789879d650b7c362307fda4b1032be782c692f65cd3037e6ed3e586dc282817c7904230eb20e9c5ba1709f6e861755","ssdeep":"192:+xWM2gAgBygXq5ZsLsuRKCb0fA/1utaKudoj1:FIDq5qxBa","tlshash":"78d1f065531b2105307796d779e3db66222e8809e11341bc79f978e0c58e1bb427ebd2","first_seen":"2025-08-06T17:00:45.876605Z","last_seen":"2025-11-28T09:56:19.411866Z","times_seen":9,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"128.199.113.162/panel/Images/Ico.ico","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://128.199.113.162/panel/Login.php","date":"2025-09-01T23:32:38.522Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/Images/Ico.ico HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://128.199.113.162/panel/Login.php\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Sep 2025 23:32:38 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Fri, 15 Apr 2022 13:43:17 GMT\r\nETag: \"47e-5dcb197d09a62\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1150\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/vnd.microsoft.icon\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"b2bcd585ec006f9da4bbeb6d38928e49","sha1":"4dd455a112ca3f49d40bbab7e559fb785a67d61c","sha256":"54713a2d801093e2d318a36f662604649aeb8bd6f649bec00c53abf6813f2014","sha512":"cb491aadef6c5d03203a5b1220a39218c935d8984baf3ffc0a094f9049a0a19a530b4670ee065363fc03320b5377d4928a957e43092f6f2190fa7cd5bc8734f1","ssdeep":"","tlshash":"9321a555b602cca9ce06477fb55d8be150073816e80981172eb46d2aaebf50fd20b7d0","first_seen":"2023-12-07T18:19:01Z","last_seen":"2026-06-11T15:44:26.023473Z","times_seen":1826,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":71,"dns":0,"connect":176,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"https","addr":"128.199.113.162/panel/index.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T23:32:35.973Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/index.php HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T13:37:42.960998Z","times_seen":16443968,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"128.199.113.162/panel/index.php","fqdn":"128.199.113.162","domain":"128.199.113.162","tld":""},"ip":{"addr":"128.199.113.162","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T23:32:36.349Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /panel/index.php HTTP/1.1\r\nHost: 128.199.113.162\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Sep 2025 23:32:36 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nRefresh: 1; url = Login.php\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.41","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T13:37:42.960998Z","times_seen":16443968,"resource_available":true,"data":null}},"time_used":547,"timings":{"blocked":177,"dns":0,"connect":182,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"128.199.113.162","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}