Report - 92.81.131.98

Report Overview

Visited public
2023-11-28 12:42:23
Tags
URL
92.81.131.98
Finishing URL
92.81.131.98/
IP / ASN
92.81.131.98
#9050 Telekom Romania Communication S.A
Title
WEB SERVICE

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

120

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
92.81.131.98	unknown	unknown	No data	No data	24 kB	885 kB	92.81.131.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed
2023-11-28	medium	92.81.131.98	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	92.81.131.98/js/ptzCtrl.js	ScriptElement	2.3 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/js/ptzCtrl.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen213 Hash 883d0c5ef8a56c630ef3e71a08d4f359 02285583790aeff758b4be8878b7fe9da53203d3 c79334fd5b0d98db9f1659683909c4156aa8d3dbd406ff37a6764d713d7805b5 Loading...

	92.81.131.98/js/previewindex.js	ScriptElement	39 kB	2023-07-11	2024-12-16
Pretty URL 92.81.131.98/js/previewindex.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-11 23:56 Last Seen2024-12-16 23:31 Times Seen18 Hash 6602974c9d249680ab04b3ab40416695 2a9e28fb044084dbd2777857a42bc30a4052d70b db89665e8e2c29c8ee9509f6a367e5597f9bbc187f66fbd9d0b0ab5cacc4b6f1 Loading...

	92.81.131.98/jsCore/base64.js	ScriptElement	1.4 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/jsCore/base64.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen373 Hash 5eff3600464bfd8f5ef4c272907b9549 2a5d22360933506d19d43e00923ed4e21ca31bb8 406d5f2eaf96a6969b0ab8eec948ea8ef4bc5d187af61b4bc0d0f149e06af38f Loading...

	92.81.131.98/jsCore/rpcLogin.js	ScriptElement	2.3 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/jsCore/rpcLogin.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen342 Hash 66886606d1e1071bf54963a66d7fe2ef 868ef5ac493c671ae11ef3ab5f9c070ed2eecfb2 84aac27c3861aa158f56037d0c2352771e460aef8cc18a0c1fb6c116e62c6057 Loading...

	92.81.131.98/jsCore/more.js	ScriptElement	27 kB	2023-03-09	2025-04-11
Pretty URL 92.81.131.98/jsCore/more.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12 Last Seen2025-04-11 19:00 Times Seen76 Hash 606785811be0b91a809b8794d7119f29 12ee808879f18cb320276841940cf1d67bb522e2 d4dd54b2a1bc75a318297593f2f49807558e9a826cc6da17b22330d223b668bb Loading...

	92.81.131.98/jsCore/m.js	ScriptElement	61 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/jsCore/m.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen257 Hash b0208bccbc243533f2685bedcea1e9fc ef84cf1f680b492eab34c0b00b21f438ba4c6322 9c0bb929e2e9b5df7d8db9c98e066458c9970bcfb7ef36b81a81be324156fb00 Loading...

	92.81.131.98/cap.js	ScriptElement	164 B	2023-03-14	2025-04-02
Pretty URL 92.81.131.98/cap.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2025-04-02 19:25 Times Seen89 Hash 538fc523aa5a369ad66f4e8d2de63298 aa5b2d78f37da3301be6d5fb821471a9d329e272 a8466a7f096e9247bc03fb173fe567ca519e8000c3801f9a56648fe2acca0388 Loading...

	92.81.131.98/js/ft.js	ScriptElement	55 B	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/js/ft.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen198 Hash dfde935b9d0f2c5c1124d560f151b2af 10a5e58377e27eba224c13738901acfb4f3e6427 2ebf6c20bca7c0513835672a2383d096e1a64503af40da72a1f3a99407702c27 Loading...

	92.81.131.98/html/previewindex.htm	ScriptElement	42 B	2023-05-23	2025-04-19
Pretty URL 92.81.131.98/html/previewindex.htm IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 11:37 Last Seen2025-04-19 19:32 Times Seen197 Hash d371d5642f1c97d1ff66e8d1f6655a88 c52e8ee50728e23bb1ad258bc6bc3f0187e0c0a8 7acdaffd8622486ea7dca394d7fe13a2f1101fd9774533075803fbbee1eec41f Loading...

	92.81.131.98/jsCore/md5.js	ScriptElement	4.1 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/jsCore/md5.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen375 Hash 2a97dd0b57aa2c62ecdb63f803c9040b ecc3580ac9f03705c2fc04571989cfea1a8def19 d4be5fd6e2d08e3b8ff86980c712d3f3606ec5c1da1a911f215937f35586e282 Loading...

	92.81.131.98/html/previewindex.htm	ScriptElement	271 B	2023-05-23	2025-04-19
Pretty URL 92.81.131.98/html/previewindex.htm IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 11:37 Last Seen2025-04-19 19:32 Times Seen197 Hash 69aa443c6562da768f5cc29ca63aca36 ad9ef09fa2a866065a3b768e8fbb239519c9af14 9ea13f143205e9e7a7e71b7b3e047e21986fcdacd7b9023df53238b96918ce64 Loading...

	92.81.131.98/olp.js	ScriptElement	2.2 kB	2023-06-09	2025-03-24
Pretty URL 92.81.131.98/olp.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-09 01:33 Last Seen2025-03-24 18:51 Times Seen70 Hash 03aea985686f689f1af2d85fce728ae7 41e5c8ac272a176c14a638275d6220bf940a8b2c daa19f44ed1985612c3401437c4e983e25ff574e6fdaa2bc25b582d1e8e602c3 Loading...

	unknown	EventHandler	89 B	2023-04-14	2025-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-14 22:42 Last Seen2025-04-25 02:48 Times Seen382 Hash 49da9db83405aae23f0786c25cf717d6 41ba4aa507e09a426b03808ecd176a99e23ddbc8 4e20c10ccfc3f15a48b79c7a3f83096ecf7652a385d4f9da834b35e2ad9610ce Loading...

	92.81.131.98/jsCore/rpcCore.js	ScriptElement	30 kB	2023-03-14	2024-12-16
Pretty URL 92.81.131.98/jsCore/rpcCore.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2024-12-16 23:31 Times Seen18 Hash d2aa6e584c9d5676a18cea022ec9957a 35c3d113777723609d737fa4d1b1c4345358e36e a9ce7fc70fcca9730f2dc1c9501ad7bb23d1393a7c341e21c69f4061411da2dc Loading...

	92.81.131.98/js/index.js	ScriptElement	12 kB	2023-03-14	2024-12-16
Pretty URL 92.81.131.98/js/index.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2024-12-16 23:31 Times Seen21 Hash 01739922b53f7879c6897623bfba894c 603d852952d6f18431cc7007e5e1422f627dce37 9e0c3df528a00057d882848e6371941acabe6f85df385c34a0c5c864d719c8fc Loading...

	92.81.131.98/js/playbackindex.js	ScriptElement	1.3 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/js/playbackindex.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36 Last Seen2025-04-19 19:32 Times Seen190 Hash 1d67bd4b704159e8fbde640e8c4c8a4f 3ce71380aa3754fb34eb6ee60740dbf345f2315c 3fcfcd7d7ccd13ae2f5155c9b757ff22c1814ea22c531120fe5dfea615ecb2e6 Loading...

	92.81.131.98/js/qt.js	ScriptElement	9.3 kB	2023-03-14	2025-04-19
Pretty URL 92.81.131.98/js/qt.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2025-04-19 19:32 Times Seen51 Hash 71ceefa34cc8f9a48f2eaf9c4d573891 694374b05c65b3d3bf586beef929572bab15638a a049cfbbb36a745701123a9f3230c2fd6a2b33c87e7b3b770f8bd5bc91348f96 Loading...

	92.81.131.98/js/loginEx.js	ScriptElement	3.9 kB	2023-03-14	2024-12-16
Pretty URL 92.81.131.98/js/loginEx.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2024-12-16 23:31 Times Seen18 Hash b71751e4fcf79e3790f36bc6a3990867 3a6191d711deadd3cc8b1c5949d21dde8cc0bc81 9f68f2117ef9befd0fd933abb7691fde9b61812d91e46196ed33b2ab7003cf84 Loading...

	92.81.131.98/js/alarmindex.js	ScriptElement	3.7 kB	2023-03-07	2025-04-19
Pretty URL 92.81.131.98/js/alarmindex.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen208 Hash 944368e0a7265f5131790df2411bd64d 8373d34f0cc5fa1142c507518bfaea6c0cda6b94 7bd88b34d4bf97516bd29511b8658f4d01c5e7b774d33e7b4646feddbdbf29f2 Loading...

	92.81.131.98/js/publicFunc.js	ScriptElement	44 kB	2023-03-14	2024-12-16
Pretty URL 92.81.131.98/js/publicFunc.js IP 92.81.131.98 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:43 Last Seen2024-12-16 23:31 Times Seen18 Hash 6235e1970e1407b6bff9752645ee53fd 9e200abac0b681b6fc50bf82c68ca84d973fa770 54e82b221e32ff5996e5d81234d738a0d7e19f55a1a49bc96a4c8d775eafe1b2 Loading...

	unknown	EventHandler	14 B	2023-05-23	2025-04-19
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-23 11:37 Last Seen2025-04-19 19:32 Times Seen319 Hash 1f0bd8abf059aea4a2ecb5b3c1a58052 28a80d96102f7a0eea46d036edaec3312910bc3f b827366ba26175441605cdc37f8a7735052cdfec466c2e507bdae7474ddf7370 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 39cd100f96f77d6f83bc90c01be1264f	138 kB	2023-06-28 23:13	2024-09-28 08:47
Pretty Observations First Seen2023-06-28 23:13 Last Seen2024-09-28 08:47 Times Seen25 Hash 39cd100f96f77d6f83bc90c01be1264f 51349e08591c20580b5a5b9a594bf1647d230bb3 7e992841ceb807aa6eca407be2b04f2986a547df14422c2811bf18aecab8bb7e Loading...

		Size	First Seen	Last Seen
	#1 Write - c545526b65678daad3580261ee179efd	1.6 kB	2023-03-07 13:01	2025-04-19 19:32
Pretty Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen207 Hash c545526b65678daad3580261ee179efd ab62b30d64e3d82da2dd5dc77bd6ce25c7f36a03 b0ae46e3bf38ee8422c55643ee41631ecc587ae952b51195fe26f74e6ebb26f6 Loading...

	#2 Write - 98f491fc9091fdaa17e6a2118d830fdd	35 B	2023-03-07 13:01	2025-04-19 19:32
Pretty Observations First Seen2023-03-07 13:01 Last Seen2025-04-19 19:32 Times Seen194 Hash 98f491fc9091fdaa17e6a2118d830fdd 49595e5c1f8883a1c5dc74623c19a2fa4455fa26 77f9f7a82d5e9ae96dbacc266ec736b67dc1d907559c5218c4fc6182b5e8234b Loading...

HTTP Transactions (60)

URL IP Response Size

92.81.131.98/

92.81.131.98

6.8 kB

URL User Request GET
92.81.131.98/
IP
92.81.131.98:0
ASN
#9050 Telekom Romania Communication S.A

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
6.8 kB (6750 bytes)
Hash
d4ac5fffe89a8dea69ed1864e3e4fc16
6063c923e427183bdeb9972ffbf4ed7eab4de18f
1223ccb65850c453347002bb6c2f8d9d3e2650de5d5110a7c661fb77bcb97adf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6750
CONTENT-TYPE: text/html

92.81.131.98/jsCore/base64.js

92.81.131.98

200 OK

1.4 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/base64.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (520)
Size
1.4 kB (1430 bytes)
Hash
5eff3600464bfd8f5ef4c272907b9549
2a5d22360933506d19d43e00923ed4e21ca31bb8
406d5f2eaf96a6969b0ab8eec948ea8ef4bc5d187af61b4bc0d0f149e06af38f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/base64.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1430
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/md5.js

92.81.131.98

200 OK

4.1 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/md5.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (513)
Size
4.1 kB (4088 bytes)
Hash
2a97dd0b57aa2c62ecdb63f803c9040b
ecc3580ac9f03705c2fc04571989cfea1a8def19
d4be5fd6e2d08e3b8ff86980c712d3f3606ec5c1da1a911f215937f35586e282

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/md5.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 4088
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/rpcLogin.js

92.81.131.98

200 OK

2.3 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/rpcLogin.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (506)
Size
2.3 kB (2325 bytes)
Hash
66886606d1e1071bf54963a66d7fe2ef
868ef5ac493c671ae11ef3ab5f9c070ed2eecfb2
84aac27c3861aa158f56037d0c2352771e460aef8cc18a0c1fb6c116e62c6057

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcLogin.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2325
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/more.js

92.81.131.98

200 OK

27 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/more.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (529)
Size
27 kB (26991 bytes)
Hash
606785811be0b91a809b8794d7119f29
12ee808879f18cb320276841940cf1d67bb522e2
d4dd54b2a1bc75a318297593f2f49807558e9a826cc6da17b22330d223b668bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 26991
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/rpcCore.js

92.81.131.98

200 OK

30 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/rpcCore.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (563)
Size
30 kB (29625 bytes)
Hash
d2aa6e584c9d5676a18cea022ec9957a
35c3d113777723609d737fa4d1b1c4345358e36e
a9ce7fc70fcca9730f2dc1c9501ad7bb23d1393a7c341e21c69f4061411da2dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 29625
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/m.js

92.81.131.98

200 OK

61 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/m.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (555)
Size
61 kB (60971 bytes)
Hash
b0208bccbc243533f2685bedcea1e9fc
ef84cf1f680b492eab34c0b00b21f438ba4c6322
9c0bb929e2e9b5df7d8db9c98e066458c9970bcfb7ef36b81a81be324156fb00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 60971
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/index.js

92.81.131.98

200 OK

12 kB

URL GET HTTP/1.1
92.81.131.98/js/index.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document, ASCII text, with very long lines (566)
Size
12 kB (12524 bytes)
Hash
01739922b53f7879c6897623bfba894c
603d852952d6f18431cc7007e5e1422f627dce37
9e0c3df528a00057d882848e6371941acabe6f85df385c34a0c5c864d719c8fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 12524
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/loginEx.js

92.81.131.98

200 OK

3.9 kB

URL GET HTTP/1.1
92.81.131.98/js/loginEx.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (503)
Size
3.9 kB (3904 bytes)
Hash
b71751e4fcf79e3790f36bc6a3990867
3a6191d711deadd3cc8b1c5949d21dde8cc0bc81
9f68f2117ef9befd0fd933abb7691fde9b61812d91e46196ed33b2ab7003cf84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/loginEx.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3904
CONTENT-TYPE: application/x-javascript

92.81.131.98/css/index.css

92.81.131.98

200 OK

6.5 kB

URL GET HTTP/1.1
92.81.131.98/css/index.css
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
6.5 kB (6506 bytes)
Hash
d1aeb72db8a45ea841cea086f37c4c7c
76f19a817968f8db438ee8810771a09e2a2062fe
fa67a3edc16d37eccc6262b01c67880aec85b8f466de5229cd7973e43fe923da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.css HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6506
CONTENT-TYPE: text/css

92.81.131.98/current_config/WebCapConfig

92.81.131.98

404 Not Found

48 B

URL GET HTTP/1.1
92.81.131.98/current_config/WebCapConfig
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document, ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
de47b8952cf60220f474d5004f9f04df
d44daa88381eacd58e1186a9d7a36bdc5adae7d3
a5ab8a7699e699284cf698b35a5172defde53ab4db229b33d24307656cbed54b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/WebCapConfig HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
CONNECTION: close
CONTENT-LENGTH: 48
CONTENT-TYPE: text/html

92.81.131.98/current_config/preLanguage

92.81.131.98

200 OK

31 B

URL GET HTTP/1.1
92.81.131.98/current_config/preLanguage
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
JSON data\012- , ASCII text
Size
31 B (31 bytes)
Hash
5505f6b25c555c145f85d78035fd38db
cf898b7b5d5af44492b88c5cbe60e30258260b89
9f8a5278445898a07188fbc1e34470b6c9b71ab92686c5e72a615492f7d266c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/preLanguage HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 31
CONTENT-TYPE: application/octet-stream

92.81.131.98/custom_lang/Romanian.txt

92.81.131.98

200 OK

138 kB

URL GET HTTP/1.1
92.81.131.98/custom_lang/Romanian.txt
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (319), with CRLF line terminators
Size
138 kB (137926 bytes)
Hash
2da5c0109054ddfe6b6de0030b994efb
b57db7e753612ddd30e5737231eb29d797ec50b6
946096d0c0e48fb6d4551e3fbfc211512626620a631e473d92d0b75e5865574e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /custom_lang/Romanian.txt HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 137926
CONTENT-TYPE: application/octet-stream

92.81.131.98/html/playbackindex.htm

92.81.131.98

200 OK

746 B

URL GET HTTP/1.1
92.81.131.98/html/playbackindex.htm
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
746 B (746 bytes)
Hash
c565a773f6b783ccb8c76d1cd5af074b
2ac2417bc03cdcd37286c10a289d57223352ac68
942525f5847b95c76b38e91b8ca07f444e75d50a5143874304fc9f55e63552cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/playbackindex.htm HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 746
CONTENT-TYPE: text/html

92.81.131.98/html/alarmindex.htm

92.81.131.98

200 OK

4.9 kB

URL GET HTTP/1.1
92.81.131.98/html/alarmindex.htm
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
4.9 kB (4894 bytes)
Hash
1d06d385fcc6cb4f547c75b9986c397d
a3f2f99cbae40c1f004101abc4909442d1fb7437
774a8f4689ddc810e05c58af29b2a9dd292fc5df6976841d73b3751aae2ebcee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/alarmindex.htm HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 4894
CONTENT-TYPE: text/html

92.81.131.98/image/bg.png

92.81.131.98

200 OK

985 B

URL GET HTTP/1.1
92.81.131.98/image/bg.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
PNG image data, 1 x 170, 8-bit colormap, non-interlaced\012- data
Size
985 B (985 bytes)
Hash
88f54be55f085162342d5bb51af52a26
b3a1734a05eb9395f83ad17adefadf6e249f75a8
632ac2a6c5d940bdb01830a0c090eba277209be1e0d16094971319cfc31bafff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/bg.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 985
CONTENT-TYPE: image/png

92.81.131.98/image/lgbg.jpg

92.81.131.98

200 OK

6.3 kB

URL GET HTTP/1.1
92.81.131.98/image/lgbg.jpg
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 483x317, components 3\012- data
Size
6.3 kB (6255 bytes)
Hash
4ff53be6165e430af41d782e00207fda
a83930048e73d8e67fbfd284b1e7a9c15cef9b1d
e5cc6df02c1d12a041e4cf906f2f5465fb07c0a55d55a6e42be0a99894219e27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/lgbg.jpg HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6255
CONTENT-TYPE: image/jpeg

92.81.131.98/image/loginlogo.jpg

92.81.131.98

200 OK

5.0 kB

URL GET HTTP/1.1
92.81.131.98/image/loginlogo.jpg
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 474x56, components 3\012- data
Size
5.0 kB (5021 bytes)
Hash
31f1053201e77e60aee661b0ecc791ba
7e720eddfdd7dfd37d71efdb0b81c6611b685822
7fff97e119264488f61073ab0e236a09a784bce2340b234466dda27ec241ae62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/loginlogo.jpg HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5021
CONTENT-TYPE: image/jpeg

92.81.131.98/html/previewindex.htm

92.81.131.98

200 OK

28 kB

URL GET HTTP/1.1
92.81.131.98/html/previewindex.htm
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (475), with CRLF line terminators
Size
28 kB (28266 bytes)
Hash
834e733516dd8a718b22a2e19cfe1666
c7c1a9296904419c64dc2c79a02db019686b60d1
f6ed12189c1225604797720a73b20ca90e809278a314c1e4e0ba05fb057ed901

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/previewindex.htm HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 28266
CONTENT-TYPE: text/html

92.81.131.98/image/btnbg.png

92.81.131.98

200 OK

934 B

URL GET HTTP/1.1
92.81.131.98/image/btnbg.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 1 x 350, 8-bit colormap, non-interlaced\012- data
Size
934 B (934 bytes)
Hash
8856baf2ad61c278f5caefabd584b0c1
e3da6393a9ffcd324e1881eeecd5e767ce6820ca
ce514039da9930044d21e5f6eaa89376163808dfb36bf8666af22f2c44f208c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/btnbg.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 934
CONTENT-TYPE: image/png

92.81.131.98/image/logo.jpg

92.81.131.98

200 OK

2.0 kB

URL GET HTTP/1.1
92.81.131.98/image/logo.jpg
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 165x55, components 3\012- data
Size
2.0 kB (2033 bytes)
Hash
922d04b3362aa37f5f650696fa612dc6
48f5269c4928ee5d3c29805d59a3c1b41303ea63
7fbc9ae240bb2577a31fbeac3677ffee4dbcc4aa2d32fce99a652458a869823c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/logo.jpg HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2033
CONTENT-TYPE: image/jpeg

92.81.131.98/image/pbbbtn.png

92.81.131.98

200 OK

9.8 kB

URL GET HTTP/1.1
92.81.131.98/image/pbbbtn.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
PNG image data, 270 x 405, 8-bit colormap, non-interlaced\012- data
Size
9.8 kB (9838 bytes)
Hash
862e87079c6edc0b26667619316204a2
417c20e5d7efeb85935ea144643af1e87e119f05
943fb9651db01c9a248a85db411460025cd742db58f5dbcaacb92f253f4659a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/pbbbtn.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/index.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9838
CONTENT-TYPE: image/png

92.81.131.98/jsCore/base64.js

92.81.131.98

200 OK

1.4 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/base64.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (520)
Size
1.4 kB (1430 bytes)
Hash
5eff3600464bfd8f5ef4c272907b9549
2a5d22360933506d19d43e00923ed4e21ca31bb8
406d5f2eaf96a6969b0ab8eec948ea8ef4bc5d187af61b4bc0d0f149e06af38f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/base64.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1430
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/ptzCtrl.js

92.81.131.98

200 OK

2.3 kB

URL GET HTTP/1.1
92.81.131.98/js/ptzCtrl.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (501)
Size
2.3 kB (2282 bytes)
Hash
883d0c5ef8a56c630ef3e71a08d4f359
02285583790aeff758b4be8878b7fe9da53203d3
c79334fd5b0d98db9f1659683909c4156aa8d3dbd406ff37a6764d713d7805b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ptzCtrl.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2282
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/rpcCore.js

92.81.131.98

200 OK

30 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/rpcCore.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (563)
Size
30 kB (29625 bytes)
Hash
d2aa6e584c9d5676a18cea022ec9957a
35c3d113777723609d737fa4d1b1c4345358e36e
a9ce7fc70fcca9730f2dc1c9501ad7bb23d1393a7c341e21c69f4061411da2dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 29625
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/loginEx.js

92.81.131.98

200 OK

3.9 kB

URL GET HTTP/1.1
92.81.131.98/js/loginEx.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (503)
Size
3.9 kB (3904 bytes)
Hash
b71751e4fcf79e3790f36bc6a3990867
3a6191d711deadd3cc8b1c5949d21dde8cc0bc81
9f68f2117ef9befd0fd933abb7691fde9b61812d91e46196ed33b2ab7003cf84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/loginEx.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3904
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/rpcLogin.js

92.81.131.98

200 OK

2.3 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/rpcLogin.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (506)
Size
2.3 kB (2325 bytes)
Hash
66886606d1e1071bf54963a66d7fe2ef
868ef5ac493c671ae11ef3ab5f9c070ed2eecfb2
84aac27c3861aa158f56037d0c2352771e460aef8cc18a0c1fb6c116e62c6057

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcLogin.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2325
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/m.js

92.81.131.98

200 OK

61 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/m.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (555)
Size
61 kB (60971 bytes)
Hash
b0208bccbc243533f2685bedcea1e9fc
ef84cf1f680b492eab34c0b00b21f438ba4c6322
9c0bb929e2e9b5df7d8db9c98e066458c9970bcfb7ef36b81a81be324156fb00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 60971
CONTENT-TYPE: application/x-javascript

92.81.131.98/cap.js

92.81.131.98

200 OK

164 B

URL GET HTTP/1.1
92.81.131.98/cap.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text
Size
164 B (164 bytes)
Hash
538fc523aa5a369ad66f4e8d2de63298
aa5b2d78f37da3301be6d5fb821471a9d329e272
a8466a7f096e9247bc03fb173fe567ca519e8000c3801f9a56648fe2acca0388

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cap.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONTENT-LENGTH: 164
CONNECTION: close
Content-type: application/x-javascript;charset=utf-8

92.81.131.98/js/qt.js

92.81.131.98

200 OK

9.3 kB

URL GET HTTP/1.1
92.81.131.98/js/qt.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (579)
Size
9.3 kB (9330 bytes)
Hash
71ceefa34cc8f9a48f2eaf9c4d573891
694374b05c65b3d3bf586beef929572bab15638a
a049cfbbb36a745701123a9f3230c2fd6a2b33c87e7b3b770f8bd5bc91348f96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/qt.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9330
CONTENT-TYPE: application/x-javascript

92.81.131.98/css/playbackindex.css

92.81.131.98

200 OK

619 B

URL GET HTTP/1.1
92.81.131.98/css/playbackindex.css
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/playbackindex.htm

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
619 B (619 bytes)
Hash
9f97e5e784b4bb4f2df0140b77282263
038a882d1f76faf9307dc48a341991fdf6a5c7d2
cf6605e649ac673377c65720a2e708fd841cc4022f827d1e85cccdb8df8bda62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/playbackindex.css HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/playbackindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 619
CONTENT-TYPE: text/css

92.81.131.98/css/previewindex.css

92.81.131.98

200 OK

25 kB

URL GET HTTP/1.1
92.81.131.98/css/previewindex.css
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
Unicode text, UTF-8 text, with very long lines (306), with CRLF line terminators
Size
25 kB (25403 bytes)
Hash
7041aafa5350d90ef87523acf66c3c84
66d87ef7dc907ec3f69a6aee12ca0334586a1544
598ed6b52953e236606c3717b9dc9e8689921cd091e9f0c03d65edc8802c55c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/previewindex.css HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 25403
CONTENT-TYPE: text/css

92.81.131.98/js/previewindex.js

92.81.131.98

200 OK

39 kB

URL GET HTTP/1.1
92.81.131.98/js/previewindex.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
HTML document, ASCII text, with very long lines (543)
Size
39 kB (38892 bytes)
Hash
6602974c9d249680ab04b3ab40416695
2a9e28fb044084dbd2777857a42bc30a4052d70b
db89665e8e2c29c8ee9509f6a367e5597f9bbc187f66fbd9d0b0ab5cacc4b6f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/previewindex.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 38892
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/playbackindex.js

92.81.131.98

200 OK

1.3 kB

URL GET HTTP/1.1
92.81.131.98/js/playbackindex.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/playbackindex.htm

File type
ASCII text, with very long lines (505)
Size
1.3 kB (1308 bytes)
Hash
1d67bd4b704159e8fbde640e8c4c8a4f
3ce71380aa3754fb34eb6ee60740dbf345f2315c
3fcfcd7d7ccd13ae2f5155c9b757ff22c1814ea22c531120fe5dfea615ecb2e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/playbackindex.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/playbackindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1308
CONTENT-TYPE: application/x-javascript

92.81.131.98/css/alarmindex.css

92.81.131.98

200 OK

3.4 kB

URL GET HTTP/1.1
92.81.131.98/css/alarmindex.css
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (327), with CRLF line terminators
Size
3.4 kB (3425 bytes)
Hash
2f474e42265eda34009ec94722e8599f
f0b05dda64bd6843a85c7a3f0261b6bfe7c423c6
184f86feb7436012e50a201af8b10f4f5628464ad81ee17b65c41c5deb69915e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/alarmindex.css HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3425
CONTENT-TYPE: text/css

92.81.131.98/jsCore/more.js

92.81.131.98

200 OK

27 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/more.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (529)
Size
27 kB (26991 bytes)
Hash
606785811be0b91a809b8794d7119f29
12ee808879f18cb320276841940cf1d67bb522e2
d4dd54b2a1bc75a318297593f2f49807558e9a826cc6da17b22330d223b668bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/playbackindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 26991
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/m.js

92.81.131.98

200 OK

61 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/m.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (555)
Size
61 kB (60971 bytes)
Hash
b0208bccbc243533f2685bedcea1e9fc
ef84cf1f680b492eab34c0b00b21f438ba4c6322
9c0bb929e2e9b5df7d8db9c98e066458c9970bcfb7ef36b81a81be324156fb00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/playbackindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 60971
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/md5.js

92.81.131.98

200 OK

4.1 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/md5.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (513)
Size
4.1 kB (4088 bytes)
Hash
2a97dd0b57aa2c62ecdb63f803c9040b
ecc3580ac9f03705c2fc04571989cfea1a8def19
d4be5fd6e2d08e3b8ff86980c712d3f3606ec5c1da1a911f215937f35586e282

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/md5.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 4088
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/more.js

92.81.131.98

200 OK

27 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/more.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (529)
Size
27 kB (26991 bytes)
Hash
606785811be0b91a809b8794d7119f29
12ee808879f18cb320276841940cf1d67bb522e2
d4dd54b2a1bc75a318297593f2f49807558e9a826cc6da17b22330d223b668bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 26991
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/alarmindex.js

92.81.131.98

200 OK

3.7 kB

URL GET HTTP/1.1
92.81.131.98/js/alarmindex.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (527)
Size
3.7 kB (3737 bytes)
Hash
944368e0a7265f5131790df2411bd64d
8373d34f0cc5fa1142c507518bfaea6c0cda6b94
7bd88b34d4bf97516bd29511b8658f4d01c5e7b774d33e7b4646feddbdbf29f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/alarmindex.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3737
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/more.js

92.81.131.98

200 OK

27 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/more.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (529)
Size
27 kB (26991 bytes)
Hash
606785811be0b91a809b8794d7119f29
12ee808879f18cb320276841940cf1d67bb522e2
d4dd54b2a1bc75a318297593f2f49807558e9a826cc6da17b22330d223b668bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 26991
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/rpcCore.js

92.81.131.98

200 OK

30 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/rpcCore.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
ASCII text, with very long lines (563)
Size
30 kB (29625 bytes)
Hash
d2aa6e584c9d5676a18cea022ec9957a
35c3d113777723609d737fa4d1b1c4345358e36e
a9ce7fc70fcca9730f2dc1c9501ad7bb23d1393a7c341e21c69f4061411da2dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 29625
CONTENT-TYPE: application/x-javascript

92.81.131.98/jsCore/m.js

92.81.131.98

200 OK

61 kB

URL GET HTTP/1.1
92.81.131.98/jsCore/m.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (555)
Size
61 kB (60971 bytes)
Hash
b0208bccbc243533f2685bedcea1e9fc
ef84cf1f680b492eab34c0b00b21f438ba4c6322
9c0bb929e2e9b5df7d8db9c98e066458c9970bcfb7ef36b81a81be324156fb00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 60971
CONTENT-TYPE: application/x-javascript

92.81.131.98/olp.js

92.81.131.98

200 OK

2.2 kB

URL GET HTTP/1.1
92.81.131.98/olp.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text, with very long lines (1644)
Size
2.2 kB (2224 bytes)
Hash
03aea985686f689f1af2d85fce728ae7
41e5c8ac272a176c14a638275d6220bf940a8b2c
daa19f44ed1985612c3401437c4e983e25ff574e6fdaa2bc25b582d1e8e602c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olp.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2224
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/ft.js

92.81.131.98

200 OK

55 B

URL GET HTTP/1.1
92.81.131.98/js/ft.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
ASCII text
Size
55 B (55 bytes)
Hash
dfde935b9d0f2c5c1124d560f151b2af
10a5e58377e27eba224c13738901acfb4f3e6427
2ebf6c20bca7c0513835672a2383d096e1a64503af40da72a1f3a99407702c27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ft.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 55
CONTENT-TYPE: application/x-javascript

92.81.131.98/js/publicFunc.js

92.81.131.98

200 OK

44 kB

URL GET HTTP/1.1
92.81.131.98/js/publicFunc.js
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ASCII text, with very long lines (646)
Size
44 kB (44055 bytes)
Hash
6235e1970e1407b6bff9752645ee53fd
9e200abac0b681b6fc50bf82c68ca84d973fa770
54e82b221e32ff5996e5d81234d738a0d7e19f55a1a49bc96a4c8d775eafe1b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/publicFunc.js HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 44055
CONTENT-TYPE: application/x-javascript

92.81.131.98/current_config/WebCapConfig

92.81.131.98

404 Not Found

48 B

URL GET HTTP/1.1
92.81.131.98/current_config/WebCapConfig
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
HTML document, ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
de47b8952cf60220f474d5004f9f04df
d44daa88381eacd58e1186a9d7a36bdc5adae7d3
a5ab8a7699e699284cf698b35a5172defde53ab4db229b33d24307656cbed54b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/WebCapConfig HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/previewindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
CONNECTION: close
CONTENT-LENGTH: 48
CONTENT-TYPE: text/html

92.81.131.98/favicon.ico

92.81.131.98

200 OK

1.2 kB

URL GET HTTP/1.1
92.81.131.98/favicon.ico
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
bd9e17c46bbbc18af2a2bd718dddad0e
f8548e9f44dd45eefadd22bf0c758cb2d04912d7
95720d030ba3db423c71eef7c6d919151b2e868b9331506577bcf1050f846f98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1150
CONTENT-TYPE: image/x-icon

92.81.131.98/local.png

92.81.131.98

200 OK

9.0 kB

URL GET HTTP/1.1
92.81.131.98/local.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/alarmindex.htm

File type
ISO-8859 text, with very long lines (308), with CRLF line terminators
Size
9.0 kB (8999 bytes)
Hash
5cafd9ff5dc6a626db5d31b2587e554f
67cd67b099f34d9b7c3b14d1ef6807495612d2dd
139f1f7f2ec143e831803910d9c850101bf4900ee14a2f6c0c3cf40b41d856d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /local.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/html/alarmindex.htm
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 8999
CONTENT-TYPE: image/png

92.81.131.98/image/indexbar.png

92.81.131.98

200 OK

2.7 kB

URL GET HTTP/1.1
92.81.131.98/image/indexbar.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 140 x 270, 8-bit colormap, non-interlaced\012- data
Size
2.7 kB (2685 bytes)
Hash
e8f36e36eb5873145384eb56620724c9
8d7c8ecda224e6bc86ea46282a3b3b7f05123800
231a69fd4140667190f97be0cdaf82542cc51480175e6f490b5e15b384d88efd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/indexbar.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2685
CONTENT-TYPE: image/png

92.81.131.98/image/leftbot.png

92.81.131.98

200 OK

2.8 kB

URL GET HTTP/1.1
92.81.131.98/image/leftbot.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 128 x 208, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2756 bytes)
Hash
2b85d600032720a70fafd4fae11ed62e
5898d573c48cd6f45d2c523d028c66320838702c
6cb7e723f351ff2cf276d1207f409192f8a3869ac56055d74b0c4b33197b8ed5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/leftbot.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2756
CONTENT-TYPE: image/png

92.81.131.98/image/ytall1.png

92.81.131.98

200 OK

9.5 kB

URL GET HTTP/1.1
92.81.131.98/image/ytall1.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 122 x 277, 8-bit colormap, non-interlaced\012- data
Size
9.5 kB (9457 bytes)
Hash
b82f7e9b44da96880dca0e505db89a28
21d508680fa7727220316698becceac364792dae
202d362772fc4d01f632ead97dd3a864978a5f65e44dc0a63c2eabc5b9eba0ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/ytall1.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9457
CONTENT-TYPE: image/png

92.81.131.98/image/sidebar4.png

92.81.131.98

200 OK

6.2 kB

URL GET HTTP/1.1
92.81.131.98/image/sidebar4.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 200 x 400, 8-bit colormap, non-interlaced\012- data
Size
6.2 kB (6190 bytes)
Hash
d743ad690403a9711c17d937f088809f
49241d90c5638b5f8bd728e21499700ce6a6628b
8fc7823bfc36b505b502b4dc39611002a967b3ef2d9b7a552e825efee88069e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/sidebar4.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6190
CONTENT-TYPE: image/png

92.81.131.98/image/ytall2.png

92.81.131.98

200 OK

10 kB

URL GET HTTP/1.1
92.81.131.98/image/ytall2.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 74 x 416, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10074 bytes)
Hash
2a82156dbdca6e01c8cd0045023ab7cb
b99ead6d18c7a4de2e36112edd60be1d11ab4c24
24a0c90d82f076c124899f98f01f4dafa67802b26a4157b241262cfa2ced1da3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/ytall2.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 10074
CONTENT-TYPE: image/png

92.81.131.98/image/bgx.png

92.81.131.98

200 OK

338 B

URL GET HTTP/1.1
92.81.131.98/image/bgx.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 1 x 120, 8-bit colormap, non-interlaced\012- data
Size
338 B (338 bytes)
Hash
b2bc4e4f12e0c8f3b0fcfe07dd7ad547
6dd88a2d87d0ea678432afc7e96fa7b2aa2f0573
42cd060c0ff50f072433b1bb4a594c2364aa7e13b8fb38935185b4c9837f27a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/bgx.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 338
CONTENT-TYPE: image/png

92.81.131.98/image/ytall3.png

92.81.131.98

200 OK

4.4 kB

URL GET HTTP/1.1
92.81.131.98/image/ytall3.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 74 x 800, 8-bit colormap, non-interlaced\012- data
Size
4.4 kB (4436 bytes)
Hash
6f5485f901c9487cb5c03e91217812d0
7ba670d7e7827979106291c9ae04d68af37e3590
f4a8a03c0455e2644fc59a2889fbc870650a84a7d367282a9d5e4fe83144fc82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/ytall3.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 4436
CONTENT-TYPE: image/png

92.81.131.98/image/Window.png

92.81.131.98

200 OK

1.8 kB

URL GET HTTP/1.1
92.81.131.98/image/Window.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 120 x 48, 8-bit colormap, non-interlaced\012- data
Size
1.8 kB (1849 bytes)
Hash
f835dd192489a30b6fad350c65cc9730
cafe6f2ad429b84b83ca5e9831457ee219156f5d
a2c2cfecb8e0ba9ab3a0e07e4768a0e3510f447e5de15731cfd3412691bb804f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/Window.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1849
CONTENT-TYPE: image/png

92.81.131.98/image/btnbg.png

92.81.131.98

200 OK

934 B

URL GET HTTP/1.1
92.81.131.98/image/btnbg.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 1 x 350, 8-bit colormap, non-interlaced\012- data
Size
934 B (934 bytes)
Hash
8856baf2ad61c278f5caefabd584b0c1
e3da6393a9ffcd324e1881eeecd5e767ce6820ca
ce514039da9930044d21e5f6eaa89376163808dfb36bf8666af22f2c44f208c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/btnbg.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 934
CONTENT-TYPE: image/png

92.81.131.98/image/pbbbtn.png

92.81.131.98

200 OK

9.8 kB

URL GET HTTP/1.1
92.81.131.98/image/pbbbtn.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/

File type
PNG image data, 270 x 405, 8-bit colormap, non-interlaced\012- data
Size
9.8 kB (9838 bytes)
Hash
862e87079c6edc0b26667619316204a2
417c20e5d7efeb85935ea144643af1e87e119f05
943fb9651db01c9a248a85db411460025cd742db58f5dbcaacb92f253f4659a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/pbbbtn.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9838
CONTENT-TYPE: image/png

92.81.131.98/image/p1.png

92.81.131.98

200 OK

2.4 kB

URL GET HTTP/1.1
92.81.131.98/image/p1.png
IP
92.81.131.98:80
ASN
#9050 Telekom Romania Communication S.A

Requested by
http://92.81.131.98/html/previewindex.htm

File type
PNG image data, 52 x 182, 8-bit colormap, non-interlaced\012- data
Size
2.4 kB (2444 bytes)
Hash
ddb35d5e9021621f4fb936ff3a3dc3c7
91eda84716f53bb9ff7ff5e1ba529e46f24f72b0
06884cd9f8a8dd1a16ce9d7a4ffe40e7acf6956b78128190f4b5d6feed6b0476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/p1.png HTTP/1.1
Host: 92.81.131.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://92.81.131.98/css/previewindex.css
Cookie: DHLangCookie30=%2Fcustom_lang%2FRomanian.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2444
CONTENT-TYPE: image/png

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by