Report - 66.220.9.48/

Report Overview

Submitted URL
66.220.9.48/
IP
66.220.9.48
ASN
#6939 HURRICANE
Submitted
2024-04-28 04:22:25
Access
public
Website Title
CameraFTP: Leading Cloud Surveillance, Storage & Security Service. Live Monitoring, Playback, Streaming, Broadcasting
Final URL
66.220.9.48/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
66.220.9.48	unknown	unknown	No data	No data	26 kB	5.0 MB	66.220.9.48
seal-goldengate.bbb.org	90903	1995-05-16	2012-06-18	2024-02-27	912 B	1.7 kB	68.70.204.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	415 B	57 kB	142.250.74.168
bat.bing.com	387	1996-01-29	2014-04-08	2024-04-27	2.0 kB	15 kB	204.79.197.237
accounts.google.com	81	1997-09-15	2016-03-20	2024-04-26	1.4 kB	229 kB	173.194.221.84
seal-blue.bbb.org	358103	1995-05-16	2014-03-26	2024-04-16	418 B	3.4 kB	68.70.204.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed
2024-04-28	medium	66.220.9.48	Sinkholed

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	66.220.9.48/	334 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash 8432ddf754845b8333b911c93489ea51 de955e17231a2387a3bb7f38ec5e1237990bd928 df4daf41439c089c14ab5d27ac0712eeadbee87f6ab46360f3823215e7c7a6a8 Loading...

	moz-extension://374908d2-0475-4f5d-b9f6-d1abf756a6ed/lib/shim_messaging_helper.js	1.7 kB	2023-05-05	2024-05-12
Pretty URL moz-extension://374908d2-0475-4f5d-b9f6-d1abf756a6ed/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-05-12 08:44:04 Times Seen45750 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	66.220.9.48/	505 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash 4e19771e35b46c496c463a0461f24126 2bf8fc141023a62d1beb5ba3b14857d1a9205e15 a61c461c9b4cbe7f191b836dc796c62bd8738ebad19110ed88dae937445cc12f Loading...

	66.220.9.48/JS/jquery-ui-1.10.4.custom/js/jquery-ui-1.10.4.custom.min.js	228 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/JS/jquery-ui-1.10.4.custom/js/jquery-ui-1.10.4.custom.min.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:34 Times Seen2 Hash c986e84bd3423c49bb56bf80857f9030 cbbfc8e667efd61fd95f479b215dc1e3286db498 8f6547772e334af713442db42fe4a89a9091ff622518cb76dc963137aed4ffc4 Loading...

	66.220.9.48/assets/js/scripts.js	117 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/assets/js/scripts.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:34 Times Seen2 Hash 31ab92b8627ea139edcad6edd12780f9 c7e533bdc93cc1e9479f6eefe742cd46e8543184 17d74acf54cabefc046d3438833f648c8af00d0f71d8e3af1763a391ced6bae2 Loading...

	66.220.9.48/	353 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash b35b94adc27867db2128a34c8e1f1c0f a14f9b2bd23fe76a925e1c3b00d27012468ea047 efe8cf1a21c73ed6369e4a9195b34d62f54de28b78859519dca3129a3967d357 Loading...

	seal-goldengate.bbb.org/logo/drive-headquarters-380755.js	1.1 kB	2023-03-07	2024-04-28
Pretty URL seal-goldengate.bbb.org/logo/drive-headquarters-380755.js IP 68.70.204.1 ASN #44239 proinity GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:21 Last Seen2024-04-28 06:22:32 Times Seen165 Hash 37f60b73e29b8399b7411b4b35f18e9f 1a06dc2e18ea1d6e9c9e8e4bbc12e894d049d7bf 3bab32ceca79e24492efb8a84a23643fefbe791c30d5a3bc70cd77cd848eb245 Loading...

	66.220.9.48/assets/plugins/jquery/jquery-2.1.4.min.js	84 kB	2023-03-07	2024-05-12
Pretty URL 66.220.9.48/assets/plugins/jquery/jquery-2.1.4.min.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:48 Last Seen2024-05-12 08:20:10 Times Seen7522 Hash f9c7afd05729f10f55b689f36bb20172 43dc554608df885a59ddeece1598c6ace434d747 f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c Loading...

	66.220.9.48/	353 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash 2c2b1616b5d59ed7cb46ae73ca0d7873 358b505711fa3d6e02f0e7363767a32c26588ecf 3cee2a6bf983b6e5a5158bf37fb38bacaac513acd2f46548e17141772214907a Loading...

	66.220.9.48/assets/plugins/bootstrap/js/bootstrap.min.js	37 kB	2023-03-07	2024-05-11
Pretty URL 66.220.9.48/assets/plugins/bootstrap/js/bootstrap.min.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-05-11 14:07:36 Times Seen34662 Hash c5b5b2fa19bd66ff23211d9f844e0131 791aa054a026bddc0de92bad6cf7a1c6e73713d5 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Loading...

	66.220.9.48/sandbox%20eval%20code	147 B	2023-04-11	2024-05-12
Pretty URL 66.220.9.48/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-12 09:26:58 Times Seen347230 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	66.220.9.48/ResellerWebSite/js/Header.js?v=1.3	9.1 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ResellerWebSite/js/Header.js?v=1.3 IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash 0c36e07776cf867bcc7bb9ed07be0972 63ded8d72a2023e12107afc64511a55410233c77 b60a04e5b91925f945fe7afcf73d2f9edc6b555f2b460cd40b32fece13d43da2 Loading...

	66.220.9.48/	74 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:32 Last Seen2024-04-28 06:22:32 Times Seen1 Hash 13d205e329dfba7d246fecbfbed4c7f6 792fadba57b2584c89871bc6f1bedd14d6822662 34ff310261e5061654ec159703aea151f0882ab4890895d8b49f8d4e606a99dd Loading...

	bat.bing.com/p/action/5164291.js	0 B	2023-03-07	2024-05-12
Pretty URL bat.bing.com/p/action/5164291.js IP 204.79.197.237 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-12 09:29:10 Times Seen37559960 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	66.220.9.48/assets/plugins/slider.swiper/dist/js/swiper.min.js	62 kB	2023-03-07	2024-05-11
Pretty URL 66.220.9.48/assets/plugins/slider.swiper/dist/js/swiper.min.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:21:57 Last Seen2024-05-11 01:52:21 Times Seen242 Hash 7d56ea763c51debfc190f9ff8b0cd3dd cc896249a9b42ff679f37e9ac0b95249a9b7aad1 98514e224c6eacbb159bcbc357d8beab2ecb37087a0397551de06fd9e9f76a8a Loading...

	bat.bing.com/bat.js	46 kB	2024-03-01	2024-05-12
Pretty URL bat.bing.com/bat.js IP 204.79.197.237 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-01 02:46:32 Last Seen2024-05-12 08:42:39 Times Seen5237 Hash 72bca04fd669eb89fc65d59052d0fc00 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Loading...

	accounts.google.com/gsi/client	220 kB	2024-04-25	2024-05-02
Pretty URL accounts.google.com/gsi/client IP 173.194.221.84 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:08:11 Last Seen2024-05-02 01:55:40 Times Seen47 Hash fae94bc2946e030cb4ecadb58d7099fb 5d218e0ff6ea391a8db0ddcd1d6944aa6ecfecf6 4daf16be97b54b6f4965267c01cd2d0618f6cd35a15dfa2820963e7c7620ea7c Loading...

	connect.facebook.net/en_US/all.js#xfbml=1&appId=286601451370037	17 kB	2023-05-05	2024-05-12
Pretty URL connect.facebook.net/en_US/all.js#xfbml=1&appId=286601451370037 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-05-12 08:44:04 Times Seen45205 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	66.220.9.48/	608 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash c9c7ea42bd5e366b62fadc101528294d 6526de9188f117053723959410b97da5c5467fbb 87e0f83d6473f1aaccd6de3931df3a3f7a9da5947fecfd71b8079d3080cec6b1 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QLXBR	148 kB	2024-04-28	2024-04-28
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QLXBR IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:34 Times Seen2 Hash 3a86ae57fe6cc101fea32fade737be42 806c45ad8ade1ca93d756786fec1329e69ce37f3 a06415a52a40d49d9241592813812f20b0d0e334636b4881c43b74eb0d8244b8 Loading...

	66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/js/jquery-1.10.2.js	273 kB	2023-03-07	2024-05-11
Pretty URL 66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/js/jquery-1.10.2.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:58 Last Seen2024-05-11 16:31:01 Times Seen1334 Hash 91515770ce8c55de23b306444d8ea998 1d85f0f3464e5e49b0522744bf7314e176ac76d9 8ade6740a1d3cfedf81e28d9250929341207b23a55f1be90ccc26cf6d98e052a Loading...

	66.220.9.48/js/localtimeconversion.js	11 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/js/localtimeconversion.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash 0adb52d7cf76d3852ebf472e4e912ed7 2991aee3e8637df9fb4788d6f3976533092da799 2f15da52927ce1c35e01b81886946fbadf31e9c723b4e19d129d45b55063d0cd Loading...

	66.220.9.48/ResellerWebSite/js/CameraHealthChecking.js?v=1.1	7.7 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ResellerWebSite/js/CameraHealthChecking.js?v=1.1 IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash 17446f853577667c8f3659a9ea3c51a7 5d0a78f68ffa3f03d20b4feece2fda37f870c694 cab0f867a85de4b269bcf6571f057fa2b89d66d8f2a89b3767d7a804b500f619 Loading...

	66.220.9.48/	2.0 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash f5198e31651923aa2b130ced30cd1679 a004e515cdf6424606c444a628279f06f816a3ce 731b87380b690d6ecb9b01dea76f13c12324efa3a9ba5e0b25899bc2a64a16e3 Loading...

	66.220.9.48/js/Secure/sso.js	13 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/js/Secure/sso.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:34 Times Seen2 Hash a8761a02fe20651b4d77587d93a86649 45513bc65072a19127f10b213bb1352e51423f0a 089ab263324e0c6b58ecae8e273b390868d6f1456ca4b58d4365a4d2357ec325 Loading...

	66.220.9.48/	274 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash db9481612b57d80660ba5e88d88a282c e52c90e703aeebaf5e51c3d9fb0040a742a511f3 b183d0d867abf2e603c14866e17ff5b6fad2117390d03fba0e9e48e1e9aa6ed0 Loading...

	66.220.9.48/	41 B	2023-03-07	2024-05-11
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:03 Last Seen2024-05-11 23:41:03 Times Seen7222 Hash 2ec370ca0eaf3069dce13df24243d863 64c1919bbb18a6d851d1b7772f830320b8ab5cc1 6a31a3a39783d09cc53dd9e9baeb4a4fa49be602eef90f6bbb9f78af02688064 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-12
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-12 09:26:58 Times Seen346721 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	66.220.9.48/	36 B	2023-03-07	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:24:15 Last Seen2024-04-28 06:22:33 Times Seen12 Hash c7f461b4e32d9a9eb70bc4bd2446148c dc5b9c38c43bf414d28d69264fb22d177a9c8e66 57a1549e159814461b5674da7c55e05515003bad51247bfccb7ca14f560080b1 Loading...

	66.220.9.48/	671 B	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/ IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash f97792d775ff5d7f900ff46c1a8f4e62 65fa7f22d7665cdbe442f91f66c91fd3bdf03b4b c66ccef313670d4efdc764646e8bfd9b3b7d5823634aa883f57979306c98455c Loading...

	66.220.9.48/assets/js/view/demo.swiper_slider.js	2.2 kB	2024-04-28	2024-04-28
Pretty URL 66.220.9.48/assets/js/view/demo.swiper_slider.js IP 66.220.9.48 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:34 Times Seen2 Hash fc354456e239d1b8b86bcaf8e3790fa1 f014c75be1ec0dfddfc9e9c9275601f44ba0b79c 8403d0bc51dc59544bedbced5f4839babc3a2c13bee4a9704f7f1adf70d5822b Loading...

	unknown	158 B	2023-04-10	2024-04-28
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-10 16:50:18 Last Seen2024-04-28 06:22:33 Times Seen98 Hash 4f5a09c7a838ca13aef18594a67bc4c9 52ca408cd5119ada08a2d767f6cf6190f474c556 2e9a97cecfd936f29401a1096948f2b47644c9b58ad146f4c9f1acd8ad943b9e Loading...

		Size	First Seen	Last Seen
	#1 Write - 894ea122abd8b6835ca2fd4a49669d76	112 B	2024-04-28	2024-04-28
Pretty Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash 894ea122abd8b6835ca2fd4a49669d76 3b62651928187481e927a322406b61d8c8586fff 544a5b4d817ff11dc007d5c6a9e6d10f153d5bcefc998ab69136b98e1e8b7596 Loading...

	#2 Write - 07811dc6c422334ce36a09ff5cd6fe71	4 B	2023-03-11	2024-05-12
Pretty Observations First Seen2023-03-11 11:15:57 Last Seen2024-05-12 09:16:30 Times Seen2238 Hash 07811dc6c422334ce36a09ff5cd6fe71 7e79a3af2634de6635e59c9404d251b3955d39f9 6557739a67283a8de383fc5c0997fbec7c5721a46f28f3235fc9607598d9016b Loading...

	#3 Write - 9a3b2931ddf6aa8e0b38142c030a2e4d	50 B	2024-04-28	2024-04-28
Pretty Observations First Seen2024-04-28 06:22:33 Last Seen2024-04-28 06:22:33 Times Seen1 Hash 9a3b2931ddf6aa8e0b38142c030a2e4d 0f2302cba57b97257266acb13cf590f185eee8dc e5e7e7eca7fe56f2b729b3712d4e8f371997d8ccb6860a115fbaa35f43a5ee0b Loading...

HTTP Transactions (58)

URL IP Response Size

66.220.9.48/

66.220.9.48

200 OK

137 B

URL User Request GET HTTP/1.1
66.220.9.48/
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
137 B (137 bytes)
Hash
9b1d81da3ea17f4a2dcfa1245598ed46
9f07375c201471038b043aefbc4052f3879c3a09
2afd59a1cbaa9ef87efd26a463effd1cca2c4a7c43993de6ddec76fe1ef56c9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://66.220.9.48/
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:55 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:55 GMT; path=/; secure; HttpOnly
randID=1033878598989756301; expires=Wed, 28-Aug-2024 04:21:55 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:55 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:55 GMT
Content-Length: 137

66.220.9.48/

66.220.9.48

200 OK

51 kB

URL User Request GET HTTP/1.1
66.220.9.48/
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (701), with CRLF line terminators
Size
51 kB (50752 bytes)
Hash
63cd48d2403d87d35aa05dc020c430e5
029e3a03086e5bbea7f327d2e2c90a2ec7391310
4e740ddfb68df3044693a9ba4ea9c742e74daefd8e3293be46459e41dad70d08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: User-Agent
Server: Microsoft-IIS/10.0
x-frame-options: DENY
X-AspNet-Version: 4.0.30319
Set-Cookie: randID=1751445828610815030; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:57 GMT
Content-Length: 50752

66.220.9.48/assets/plugins/bootstrap/css/bootstrap.min.css

66.220.9.48

200 OK

18 kB

URL GET HTTP/1.1
66.220.9.48/assets/plugins/bootstrap/css/bootstrap.min.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text, with very long lines (523)
Size
18 kB (18543 bytes)
Hash
7081670b882178a789d088cf467e5a80
aa7605dcd034e24e7da59a264346ea6649f3a361
a1b9c261a7963a5baa6a0a61460160e5d794378759b43cd6de1452a638825657

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135318618920
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pv3vquq41ps3uqs2wgre1vtp; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

seal-goldengate.bbb.org/logo/ruhzbum/drive-headquarters-380755.png

68.70.204.1

200 OK

99 B

URL GET HTTP/2
seal-goldengate.bbb.org/logo/ruhzbum/drive-headquarters-380755.png
IP
68.70.204.1:443
ASN
#44239 proinity GmbH

Requested by
https://66.220.9.48/
Certificate
IssuerDigiCert Inc
Subject*.bbb.org
Fingerprint53:C9:A6:EB:96:50:F7:DF:29:44:1C:9A:A1:DC:AB:75:F4:B9:7D:AB
ValidityThu, 04 Apr 2024 00:00:00 GMT - Fri, 25 Apr 2025 23:59:59 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Size
99 B (99 bytes)
Hash
b5b7e09960e60168479599d67063224e
9d68be38b530be6ebe4ec096b6c93ac8ac13d4c0
1dd031f2c08c70b72c6fadcf7b6d3b5cfe55527f8fdc839916ba8daf5fb416ae

HTTP Headers

GET /logo/ruhzbum/drive-headquarters-380755.png HTTP/1.1
Host: seal-goldengate.bbb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: keycdn
date: Sun, 28 Apr 2024 04:21:58 GMT
content-type: image/png
content-length: 99
cache-control: max-age=14400
expires: Sun, 28 Apr 2024 08:21:58 GMT
last-modified: Sat, 27 Apr 2024 05:35:27 GMT
x-aspnet-version: 4.0.30319
x-robots-tag: noindex
x-powered-by: ASP.NET
x-cache: HIT
x-shield: active
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

66.220.9.48/assets/css/color_scheme/blue.css

66.220.9.48

200 OK

3.0 kB

URL GET HTTP/1.1
66.220.9.48/assets/css/color_scheme/blue.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text
Size
3.0 kB (2994 bytes)
Hash
08585f6d4af4f2d56feb8f777947403b
2bce2fd4c1152c2984fa85320d0d84092b2c1994
eef7c549866541e68515ae604e90bc78f0f0ac2703d0167703a0d6e4cbaaa410

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/color_scheme/blue.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135314788883
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ttsp12uffl1eiruyr0z1kfuh; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/Css/global.css

66.220.9.48

200 OK

15 kB

URL GET HTTP/1.1
66.220.9.48/Css/global.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (513), with CRLF line terminators
Size
15 kB (14600 bytes)
Hash
7cf4f53081d47c74b6ee2bbbc19e3f47
010d304853d28aa8c6bb76bd7bff2027c7a9a565
33f141b9e68aef5521df01ae4a31a998587d2415f1be319971b804ebd0c134d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Css/global.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 19 Apr 2024 05:24:36 GMT
Accept-Ranges: bytes
ETag: 638490758763862075
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ekuyvdwdj0ql03isavb2rcpq; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/plugins/slider.swiper/dist/css/swiper.min.css

66.220.9.48

200 OK

2.4 kB

URL GET HTTP/1.1
66.220.9.48/assets/plugins/slider.swiper/dist/css/swiper.min.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text, with very long lines (14121)
Size
2.4 kB (2392 bytes)
Hash
0b941af5db66a60fea0fcc6a262aaf11
94e10a86340948ed7430c889c18c7edeffe76435
c97d1b46ae98f77df4ec2d62d151460f3af3a0ce826c847359ca3c7e283638f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/slider.swiper/dist/css/swiper.min.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:35 GMT
Accept-Ranges: bytes
ETag: 637674135350115037
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=n3itbdiyvsyg4bxcsxbs5wf0; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/css/header-1.css

66.220.9.48

200 OK

703 B

URL GET HTTP/1.1
66.220.9.48/assets/css/header-1.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text
Size
703 B (703 bytes)
Hash
46fda8e88e0f274e51482298d3dc3315
99240eb21bfdb939592c6e8945c3dfebe4bde9da
94979c3d026ccda269cae2dc90f8f39c9ac4eba96df29c01dda6d1eeeacd0ba0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/header-1.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135313889342
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=cpht3tqqolpje0zmukhyfpnx; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/Css/Layout.css

66.220.9.48

200 OK

6.5 kB

URL GET HTTP/1.1
66.220.9.48/Css/Layout.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
Size
6.5 kB (6466 bytes)
Hash
bd62f6d5f95224fdd11d79cf5799771d
b775072bee98c71c1433459a9ffc7b78091d4b23
a76fb538963b01e00a2a3baf9cf5287218dd1fc0386fb55e4edc72b82c55079c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Css/Layout.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 13 Oct 2023 03:01:37 GMT
Accept-Ranges: bytes
ETag: 638327376976239262
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=t1ud2nvvll2d0nrjb5xhuci1; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/slider.nivo/nivo-slider.css

66.220.9.48

200 OK

900 B

URL GET HTTP/1.1
66.220.9.48/slider.nivo/nivo-slider.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text
Size
900 B (900 bytes)
Hash
447ac03378412fb48b1bdccc1dc47f9e
f8bff4ddf3bced119460d5a714609dfeb29b73cc
6d36bb20d0a63675b994ec3e600838dc64b0bfa3a5c3867249594b3863cc8322

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /slider.nivo/nivo-slider.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:49 GMT
Accept-Ranges: bytes
ETag: 637674141494843205
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pwio5k0mrskkwwo1qa2pq0jy; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/css/ui-lightness/jquery-ui-1.10.4.custom.min.css

66.220.9.48

200 OK

5.8 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/css/ui-lightness/jquery-ui-1.10.4.custom.min.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text, with very long lines (1404), with CRLF line terminators
Size
5.8 kB (5787 bytes)
Hash
6de1947106fc024d8acd41989a6d15ed
56407671c4264d0c9e879542006957a57d1d7db9
df9c6f2c3658851d1bc51e7af9b2a36b98f241d2c93160f03933059dde8bc060

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/js/jquery-ui-1.10.4.custom/css/ui-lightness/jquery-ui-1.10.4.custom.min.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:34 GMT
Accept-Ranges: bytes
ETag: 637674141349102905
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3jprdjukb1clmg3dwd20nnwf; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/css/layout.css

66.220.9.48

200 OK

26 kB

URL GET HTTP/1.1
66.220.9.48/assets/css/layout.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Unicode text, UTF-8 text, with very long lines (4341)
Size
26 kB (25957 bytes)
Hash
175b5b7b930cab3d34e0cafd6f75d9c2
604374e264959db7bd52c02bc7c0bbe7688d594d
2a06d2bfcd2d48a5d0f3b1a7abe6cf02e61395ec57e1ddb2f08eccb9638f80c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/layout.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135314188892
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fjsmjfprojf5tr53rpgo3ryv; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/ResellerWebSite/js/Header.js?v=1.3

66.220.9.48

200 OK

2.5 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/js/Header.js?v=1.3
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.5 kB (2476 bytes)
Hash
4909b2799ad6e1c4e3bd0b9f1513a0ee
b3e5675c92ebed28d9177a2433b93a062f568a30
52096b7b8e8eb401b977cffd896ac270b7ae9f6059c1bd50f77bb30b848111f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/js/Header.js?v=1.3 HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 15 Apr 2024 07:28:21 GMT
Accept-Ranges: bytes
ETag: 638487377012138696
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pjqshbhr04o3gws22req222m; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/ResellerWebSite/js/CameraHealthChecking.js?v=1.1

66.220.9.48

200 OK

1.7 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/js/CameraHealthChecking.js?v=1.1
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.7 kB (1707 bytes)
Hash
84a24fe65e3a967425284f9042fac983
77d783c8b93a70c2111d263962b97329c2456050
5269fa738857d6b5d68b3689a5e1144afacddd58e930f19aea77f717026b860f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/js/CameraHealthChecking.js?v=1.1 HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 15 Apr 2024 07:28:21 GMT
Accept-Ranges: bytes
ETag: 638487377012028688
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=puoul3cx5bmb5zmz3fb0coyj; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/plugins/jquery/jquery-2.1.4.min.js

66.220.9.48

200 OK

30 kB

URL GET HTTP/1.1
66.220.9.48/assets/plugins/jquery/jquery-2.1.4.min.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
30 kB (29569 bytes)
Hash
f9c7afd05729f10f55b689f36bb20172
43dc554608df885a59ddeece1598c6ace434d747
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/jquery/jquery-2.1.4.min.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:34 GMT
Accept-Ranges: bytes
ETag: 637674135346394982
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=e2n0yrfwnlmoba2eelztlsep; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/css/essentials.css

66.220.9.48

200 OK

78 kB

URL GET HTTP/1.1
66.220.9.48/assets/css/essentials.css
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
ASCII text
Size
78 kB (77512 bytes)
Hash
d4a03eb7f088f9295a1b3465b08cb26c
db02a448a8da8cc4bbd9c3401752025296b2ced4
2148b538da3f111ad0ac8679e286547fba48138d930a24871b801e3a14e208df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/essentials.css HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135317948890
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pj0pdehh45m5kwbhh0eerccc; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:58 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:58 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/js/Secure/sso.js

66.220.9.48

200 OK

3.3 kB

URL GET HTTP/1.1
66.220.9.48/js/Secure/sso.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.3 kB (3329 bytes)
Hash
a8761a02fe20651b4d77587d93a86649
45513bc65072a19127f10b213bb1352e51423f0a
089ab263324e0c6b58ecae8e273b390868d6f1456ca4b58d4365a4d2357ec325

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/Secure/sso.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Apr 2024 02:24:38 GMT
Accept-Ranges: bytes
ETag: 638494970786098263
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=0qmmloymexusb4gtfwqwctnz; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/js/scripts.js

66.220.9.48

200 OK

33 kB

URL GET HTTP/1.1
66.220.9.48/assets/js/scripts.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text, with CRLF, LF line terminators
Size
33 kB (32627 bytes)
Hash
31ab92b8627ea139edcad6edd12780f9
c7e533bdc93cc1e9479f6eefe742cd46e8543184
17d74acf54cabefc046d3438833f648c8af00d0f71d8e3af1763a391ced6bae2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/scripts.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:31 GMT
Accept-Ranges: bytes
ETag: 637674135315948849
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y0fg4mda23kk5hihw2vqthzo; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/js/view/demo.swiper_slider.js

66.220.9.48

200 OK

809 B

URL GET HTTP/1.1
66.220.9.48/assets/js/view/demo.swiper_slider.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text
Size
809 B (809 bytes)
Hash
fc354456e239d1b8b86bcaf8e3790fa1
f014c75be1ec0dfddfc9e9c9275601f44ba0b79c
8403d0bc51dc59544bedbced5f4839babc3a2c13bee4a9704f7f1adf70d5822b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/view/demo.swiper_slider.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 06:38:00 GMT
Accept-Ranges: bytes
ETag: 638235058807247298
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jf013bml1fuw2egpl50dvlqh; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/JS/jquery-ui-1.10.4.custom/js/jquery-ui-1.10.4.custom.min.js

66.220.9.48

200 OK

61 kB

URL GET HTTP/1.1
66.220.9.48/JS/jquery-ui-1.10.4.custom/js/jquery-ui-1.10.4.custom.min.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text, with very long lines (64560)
Size
61 kB (60731 bytes)
Hash
c986e84bd3423c49bb56bf80857f9030
cbbfc8e667efd61fd95f479b215dc1e3286db498
8f6547772e334af713442db42fe4a89a9091ff622518cb76dc963137aed4ffc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/jquery-ui-1.10.4.custom/js/jquery-ui-1.10.4.custom.min.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:43 GMT
Accept-Ranges: bytes
ETag: 637674141436983802
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=asnv2w2pogbw1htx00ygo23m; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/ResellerWebSite/Images/Logo.gif?t=638494971080597138

66.220.9.48

200 OK

6.7 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/Images/Logo.gif?t=638494971080597138
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
GIF image data, version 89a, 280 x 75
Size
6.7 kB (6698 bytes)
Hash
317556698cf62ca655283ead171f2078
ad86d4277c2210c36670b52238d3b41f3053e93d
9644f5a2ce38b55ef6be390bd9a209ba379354a9c6a4c976b2a9b5af0a53b613

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/Images/Logo.gif?t=638494971080597138 HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/gif
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:28:44 GMT
Accept-Ranges: bytes
ETag: 637674137241612595
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pfulurp25lq3i2k0gqsdxfys; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/index/Clock.png

66.220.9.48

200 OK

1.4 kB

URL GET HTTP/1.1
66.220.9.48/images/index/Clock.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 92 x 92, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1398 bytes)
Hash
926a71e1170d07cee4b9d07c00629f3e
1f55a0496f96425c8034c9121599b9076efcb25c
ed7fc13f811f7f6b7efc8288f754d345c20f8470b8a328a7be9782c061a48a0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/index/Clock.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:08 GMT
Accept-Ranges: bytes
ETag: 637674141089634701
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pvrc13r21m5gk00a5l3wckg1; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/index/contract.png

66.220.9.48

200 OK

1.6 kB

URL GET HTTP/1.1
66.220.9.48/images/index/contract.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 101 x 69, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1551 bytes)
Hash
aefa05c75ff435f4b35da38d467c8b90
8cd3d0f8cf87dbf44421bc29ceef65f32db1eb73
fdbc8c9a97020e75c2f5d347710c1a175426372229300cbea6cd186398557d1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/index/contract.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:09 GMT
Accept-Ranges: bytes
ETag: 637674141090264657
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=zy5e1edhgxg4rxz0ljua4uqv; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/index/SecureCloud.png

66.220.9.48

200 OK

1.3 kB

URL GET HTTP/1.1
66.220.9.48/images/index/SecureCloud.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 118 x 74, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1342 bytes)
Hash
4b02cf73e21a787f3cb1b04fb8cdc66e
59454a1cc69dea730c4cb55b913a58096c299e68
63e96e019f50909b3e7ce3636842ac48b8874dcea11ec65ca850c76655ca45a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/index/SecureCloud.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:17 GMT
Accept-Ranges: bytes
ETag: 637674141174931352
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=bnav4i2lh1oj1bc4wf42lcep; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/index/ip.png

66.220.9.48

200 OK

5.8 kB

URL GET HTTP/1.1
66.220.9.48/images/index/ip.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 92 x 92, 8-bit/color RGBA, non-interlaced
Size
5.8 kB (5828 bytes)
Hash
aa3b90082b64214df6820990259ff4f7
e9a5148bfad6a802cd45b24541590f751d92a845
8b80e6ff5f3c7828d31b4f10d2b6bea406f860fec48d72f61260d9d0e79e0669

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/index/ip.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:13 GMT
Accept-Ranges: bytes
ETag: 637674141132971569
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4ljykjwa3ijsllkqukpzjhrh; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

www.googletagmanager.com/gtm.js?id=GTM-5QLXBR

142.250.74.168

200 OK

56 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5QLXBR
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://66.220.9.48/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (2642)
Size
56 kB (56184 bytes)
Hash
3a86ae57fe6cc101fea32fade737be42
806c45ad8ade1ca93d756786fec1329e69ce37f3
a06415a52a40d49d9241592813812f20b0d0e334636b4881c43b74eb0d8244b8

HTTP Headers

GET /gtm.js?id=GTM-5QLXBR HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 Apr 2024 04:21:59 GMT
expires: Sun, 28 Apr 2024 04:21:59 GMT
cache-control: private, max-age=900
last-modified: Sun, 28 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56184
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

66.220.9.48/js/localtimeconversion.js

66.220.9.48

200 OK

2.6 kB

URL GET HTTP/1.1
66.220.9.48/js/localtimeconversion.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.6 kB (2594 bytes)
Hash
d7a91560803bf532109d642adffa583c
73ac8ae909cb40b899d30a6b2fde65c377efe9c5
9e76c07ad67b96422975351d69682745aa7436255c2fb0b3f87f66b0567d5e6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/localtimeconversion.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=0qmmloymexusb4gtfwqwctnz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 04 Sep 2022 15:24:21 GMT
Accept-Ranges: bytes
ETag: 637978766619182183
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebsite/images/homeIcon.gif

66.220.9.48

200 OK

183 B

URL GET HTTP/1.1
66.220.9.48/ResellerWebsite/images/homeIcon.gif
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
GIF image data, version 89a, 12 x 13
Size
183 B (183 bytes)
Hash
2b0aa557a702b13e4423832036be9f1d
2f58adaa346d40f2431e52e4412c9459137564b7
bf3353cb3ecd68d9f0cf9a3ee6a42d26191045d00b5a8b8d53ed651500e87213

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebsite/images/homeIcon.gif HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/gif
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:28:17 GMT
Accept-Ranges: bytes
ETag: 637674136977337871
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dyhvvv3tmmbe2aoogzkd20g0; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebsite/images/pathNext.gif

66.220.9.48

200 OK

75 B

URL GET HTTP/1.1
66.220.9.48/ResellerWebsite/images/pathNext.gif
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
GIF image data, version 89a, 7 x 10
Size
75 B (75 bytes)
Hash
162e6a63ff65a4cc79bae837be9f5705
cf85eebade3a30213631b30cf1fff9e95cd92cbe
0dbb5ece89edaf93fd948f0aa89a2ef432401c0175a8751cdd69ecaf101e9045

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebsite/images/pathNext.gif HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/gif
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:29:02 GMT
Accept-Ranges: bytes
ETag: 637674137426668044
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jfeume1erzr0umdfbsig4twt; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebSite/images/index/Apple.png

66.220.9.48

200 OK

2.4 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/images/index/Apple.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
Size
2.4 kB (2391 bytes)
Hash
e84ac577094cd7366064eedbb5b6bbae
7cd8df251ba21b4cc8adacef0b7c6ad6b701762c
8d95fd5c93a4c43fefc01f6d503fc04e91603f95bcac52fd4fbdaf56dddddffd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/images/index/Apple.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:08 GMT
Accept-Ranges: bytes
ETag: 637674141088194721
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fn4hw25s3cgfwovpx0tedros; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/js/jquery-1.10.2.js

66.220.9.48

200 OK

81 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/js/jquery-ui-1.10.4.custom/js/jquery-1.10.2.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text
Size
81 kB (81097 bytes)
Hash
91515770ce8c55de23b306444d8ea998
1d85f0f3464e5e49b0522744bf7314e176ac76d9
8ade6740a1d3cfedf81e28d9250929341207b23a55f1be90ccc26cf6d98e052a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/js/jquery-ui-1.10.4.custom/js/jquery-1.10.2.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=0qmmloymexusb4gtfwqwctnz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:44 GMT
Accept-Ranges: bytes
ETag: 637674141445015648
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebSite/images/index/Windows.png

66.220.9.48

200 OK

2.4 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/images/index/Windows.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
Size
2.4 kB (2439 bytes)
Hash
203bb1479717119756cbb845956d5f09
3fb6aaa27ccfbdc22a9e3af598403a538ad48cff
37cbfb9764eb7296861fcf1b94ed7e5f5695fd07fa793683ac015feca458d72b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/images/index/Windows.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:20 GMT
Accept-Ranges: bytes
ETag: 637674141207278594
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

seal-goldengate.bbb.org/logo/drive-headquarters-380755.js

68.70.204.1

200 OK

704 B

URL GET HTTP/2
seal-goldengate.bbb.org/logo/drive-headquarters-380755.js
IP
68.70.204.1:443
ASN
#44239 proinity GmbH

Requested by
https://66.220.9.48/
Certificate
IssuerDigiCert Inc
Subject*.bbb.org
Fingerprint53:C9:A6:EB:96:50:F7:DF:29:44:1C:9A:A1:DC:AB:75:F4:B9:7D:AB
ValidityThu, 04 Apr 2024 00:00:00 GMT - Fri, 25 Apr 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (1052), with no line terminators
Size
704 B (704 bytes)
Hash
6e46214a4d417c17811a05a9e08e3544
d1e909777a6597d345caf9081c7e5ba3e3ec79df
f65f22397059118cccfd802b37ef9279a732cf89f21d32aef7d74a7c08c5f318

HTTP Headers

GET /logo/drive-headquarters-380755.js HTTP/1.1
Host: seal-goldengate.bbb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: keycdn
date: Sun, 28 Apr 2024 04:21:59 GMT
content-type: application/javascript
content-length: 704
content-encoding: gzip
last-modified: Fri, 15 Apr 2022 18:21:06 GMT
etag: "1db3ee92f550d81:0"
vary: Accept-Encoding
x-robots-tag: noindex
x-powered-by: ASP.NET
expires: Sun, 28 Apr 2024 08:21:59 GMT
cache-control: max-age=14400
x-cache: HIT
x-shield: active
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

66.220.9.48/ResellerWebSite/images/index/Android.png

66.220.9.48

200 OK

3.0 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebSite/images/index/Android.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
Size
3.0 kB (2972 bytes)
Hash
9244ac48fe2056915c0ae0aed7e4c705
759ba6b59b910276a8579560a7745c7717d4f083
f94d88c8019cdd4a6c17a525178e002c749622824960b3eb2e5e4ed81f422e29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebSite/images/index/Android.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:35:08 GMT
Accept-Ranges: bytes
ETag: 637674141088154700
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qeyxrhlzxxpjbcggnqwgd144; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/ResellerWebsite/images/Poweredby.png

66.220.9.48

200 OK

9.4 kB

URL GET HTTP/1.1
66.220.9.48/ResellerWebsite/images/Poweredby.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 175 x 66, 8-bit/color RGBA, non-interlaced
Size
9.4 kB (9435 bytes)
Hash
78bf8a375ce7fcb6552b1b2476cc462a
64868fe628e2a75eb4d8be8e8baaf1ca501fa536
163d4ce4c29f87882796b5de8641283c9272fe009ca9e5b48230e5bcda4dd330

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ResellerWebsite/images/Poweredby.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:29:20 GMT
Accept-Ranges: bytes
ETag: 637674137608430276
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=psqyvlmccijty5zslne5svsp; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/Images/Desktop/help.gif

66.220.9.48

200 OK

1.2 kB

URL GET HTTP/1.1
66.220.9.48/Images/Desktop/help.gif
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
GIF image data, version 89a, 22 x 22
Size
1.2 kB (1158 bytes)
Hash
548fa99c41e74a453795b1ada3234f84
5b46ccb1c1022940f6c4aa96cc232453bed3fe7a
23f3e1e62f85d0d6de64d13b4f02a9db70cc0995c4b5df0295f11d3c6ac6f575

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/Desktop/help.gif HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/gif
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:34:42 GMT
Accept-Ranges: bytes
ETag: 637674140828511765
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/Css/sansation_regular-webfont.woff

66.220.9.48

200 OK

14 kB

URL GET HTTP/1.1
66.220.9.48/Css/sansation_regular-webfont.woff
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Web Open Font Format, TrueType, length 14420, version 1.0
Size
14 kB (14420 bytes)
Hash
a67b611a270d83e8e1a9fec2af237c45
aba35c47e4d84113bb7f7ec94a2870738e2fd4b0
9e61e0dc10bac831a7e15c354044c2c43215fe661f4d5a715347cad1b71d3b9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Css/sansation_regular-webfont.woff HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14420
Content-Type: %0d%0a			application/x-font-woff%0d%0a
Last-Modified: Fri, 17 Sep 2021 01:25:47 GMT
Accept-Ranges: bytes
ETag: 637674135476468218
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/assets/plugins/slider.swiper/dist/js/swiper.min.js

66.220.9.48

200 OK

17 kB

URL GET HTTP/1.1
66.220.9.48/assets/plugins/slider.swiper/dist/js/swiper.min.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Web Open Font Format, TrueType, length 16668, version 1.0
Size
17 kB (16668 bytes)
Hash
99833248a2388a14094ee56aa17bb531
c4b02bec02c58b919e36c60a533718a61c988e24
ba751c96d19ef35db5b8dcc1bb6b295e44b9f910d8c0aeb5059f3f60ecef12c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/slider.swiper/dist/js/swiper.min.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:35 GMT
Accept-Ranges: bytes
ETag: 637674135351667257
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1k10zde24gkrggoukjstz3t0; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:58 GMT

66.220.9.48/assets/fonts/fontawesome-webfont.woff2?v=4.4.0

66.220.9.48

200 OK

64 kB

URL GET HTTP/1.1
66.220.9.48/assets/fonts/fontawesome-webfont.woff2?v=4.4.0
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64464, version 4.262
Size
64 kB (64464 bytes)
Hash
4b5a84aaf1c9485e060c503a0ff8cadb
574ea2698c03ae9477db2ea3baf460ee32f1a7ea
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/assets/css/essentials.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 64464
Content-Type: application/octet-stream
Last-Modified: Fri, 17 Sep 2021 01:14:52 GMT
Accept-Ranges: bytes
ETag: 637674128922988242
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/first2.png

66.220.9.48

200 OK

527 kB

URL GET HTTP/1.1
66.220.9.48/images/first2.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 1000 x 518, 8-bit/color RGBA, non-interlaced
Size
527 kB (526752 bytes)
Hash
01f45c16cca3651d5fed9c897bc7fe3c
ba0db0f816de9bfdd132ad079a79dc192c01c84a
820667675945fa47cda8792721d945958d0b78f09831adf04e50531d937fe995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/first2.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:28:12 GMT
Accept-Ranges: bytes
ETag: 637674136925689570
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=iyjchypa5owgug43hhwaxvsz; path=/; HttpOnly; SameSite=Lax
refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/anotherslide.jpg

66.220.9.48

200 OK

641 kB

URL GET HTTP/1.1
66.220.9.48/images/anotherslide.jpg
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, manufacturer=NIKON CORPORATION, model=NIKON D3100, orientation=upper-left, xresolution=152, yresolution=160, resolutionunit=2, software=Ver.1.00 , datetime=2014:04:19 17:27:20], baseline, precision 8, 2500x1150, components 3
Size
641 kB (641132 bytes)
Hash
0c3979ca4a77a78e6988053f03bbe51c
5f61d735f0a36ea9461b30901e935db376aab14f
9a2f53d246b9e399b8302bec6ca0eb629df46652a4d9369b3e033ea79d29bd88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/anotherslide.jpg HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/jpeg
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:27:40 GMT
Accept-Ranges: bytes
ETag: 637674136604495848
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/api/camera/CheckIfIPBlocked.aspx

66.220.9.48

200 OK

40 B

URL GET HTTP/1.1
66.220.9.48/api/camera/CheckIfIPBlocked.aspx
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JSON text data
Size
40 B (40 bytes)
Hash
8ee4613a2fb5c085dd664e64283ea1ae
325f5e87585560f9e125084275cc9ceea6ef531a
548fcf73158d2aae6541e5b048a29a7164b5df80a3baf2c21b1dc9c5374f5519

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/camera/CheckIfIPBlocked.aspx HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=psqyvlmccijty5zslne5svsp
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/json; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/assets/plugins/bootstrap/js/bootstrap.min.js

66.220.9.48

200 OK

9.8 kB

URL GET HTTP/1.1
66.220.9.48/assets/plugins/bootstrap/js/bootstrap.min.js
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JavaScript source, ASCII text, with very long lines (32003)
Size
9.8 kB (9764 bytes)
Hash
c5b5b2fa19bd66ff23211d9f844e0131
791aa054a026bddc0de92bad6cf7a1c6e73713d5
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/plugins/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=psqyvlmccijty5zslne5svsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:34 GMT
Accept-Ranges: bytes
ETag: 637674135341744948
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:22:00 GMT

66.220.9.48/Images/features.png

66.220.9.48

200 OK

26 kB

URL GET HTTP/1.1
66.220.9.48/Images/features.png
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 1800 x 771, 8-bit/color RGBA, non-interlaced
Size
26 kB (26472 bytes)
Hash
0573c0b08d73136d770a764ac6ca23f9
5bebe2c2f69ac4a15d136305f319ab957647c9f8
ffb276ce87112a74622aa1dcabc426df37033a57ca718f5f03df7ca65a1cd1fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/features.png HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/Layout.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/png
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:27:42 GMT
Accept-Ranges: bytes
ETag: 637674136627299872
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:22:00 GMT

66.220.9.48/images/outdoor3.jpg

66.220.9.48

200 OK

1.1 MB

URL GET HTTP/1.1
66.220.9.48/images/outdoor3.jpg
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=11, description=Industrial construction site., manufacturer=NIKON CORPORATION, model=NIKON D800, orientation=upper-left, xresolution=206, yresolution=214, resolutionunit=2, software=Adobe Photoshop Camera Raw 9.3.1 (Macintosh), datetime=2016:01:17 19:29:56, copyright=jovannig - Fotolia], baseline, precision 8, 2500x1150, components 3
Size
1.1 MB (1063620 bytes)
Hash
bcb40628f865b19c2d5ea7ca853544e0
79c850ec94d58168c7359bc7e2a22c67bb27055a
712ef6a448ca1a677bce871b48a7a4d99ab96a384682015ee03bdc1fd5e1397e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/outdoor3.jpg HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/jpeg
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:29:40 GMT
Accept-Ranges: bytes
ETag: 637674137809065790
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/images/secondfinal.jpg

66.220.9.48

200 OK

740 kB

URL GET HTTP/1.1
66.220.9.48/images/secondfinal.jpg
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, manufacturer=NIKON CORPORATION, model=NIKON D5100, orientation=upper-left, xresolution=152, yresolution=160, resolutionunit=2, software=Ver.1.00 , datetime=2016:02:29 21:40:32], baseline, precision 8, 2500x1150, components 3
Size
740 kB (740186 bytes)
Hash
7382866552647c6dd96ccd6b4594c84b
73fbb857f9516b916a442c3439c5b82dbf009262
8aaa8b4761617c41329772a5992f59f26b0274627e5426125b19a84cc353f903

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/secondfinal.jpg HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/jpeg
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:29:53 GMT
Accept-Ranges: bytes
ETag: 637674137938343738
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:21:59 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:21:59 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

66.220.9.48/Images/smartphone.jpg

66.220.9.48

200 OK

444 kB

URL GET HTTP/1.1
66.220.9.48/Images/smartphone.jpg
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=13, PhotometricInterpretation=RGB, description=hand holding mobile phone with cityscape as background, manufacturer=Canon, model=Canon EOS 6D, orientation=upper-left, xresolution=246, yresolution=254, resolutionunit=2, software=Adobe Photoshop Lightroom 5.7.1 (Macintosh), datetime=2015:07:17 17:14:46, copyright=zhu difeng - Fotolia, GPS-Data], baseline, precision 8, 2500x1068, components 3
Size
444 kB (444472 bytes)
Hash
511943824d11d586e0bea4ac9a46c86c
9071b367137ff1acbc9cf1d654f6d7a6476a4a2b
fe6ea2441e0777485525659ac7af25b1aff8ea534443c00e9a81f6733c8a8740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/smartphone.jpg HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/jpeg
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:29:54 GMT
Accept-Ranges: bytes
ETag: 637674137947748711
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:22:00 GMT

66.220.9.48/Images/Homepage/CraveLineH.gif

66.220.9.48

200 OK

62 B

URL GET HTTP/1.1
66.220.9.48/Images/Homepage/CraveLineH.gif
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
GIF image data, version 89a, 1 x 2
Size
62 B (62 bytes)
Hash
2292d3b72761620ca312cc4950a8b981
6ed28a8322030071a8a118c0ebe048b3abf89cd0
cff1210caa54e7abdb689df4d9666d9c7dc7b66a852df391346dd7e2a32262d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/Homepage/CraveLineH.gif HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/gif
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:34:59 GMT
Accept-Ranges: bytes
ETag: 637674140991062921
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:22:00 GMT

bat.bing.com/bat.js

204.79.197.237

200 OK

13 kB

URL GET HTTP/2
bat.bing.com/bat.js
IP
204.79.197.237:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://66.220.9.48/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint3E:63:C2:B1:20:9D:0D:E8:68:D6:14:A0:1C:3C:24:7A:03:72:6E:06
ValiditySat, 27 Apr 2024 01:55:15 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
Size
13 kB (13261 bytes)
Hash
72bca04fd669eb89fc65d59052d0fc00
27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13261
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ranges: bytes
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FC6018EC4F0749B68BDD594D7F5289FA Ref B: OSL30EDGE0505 Ref C: 2024-04-28T04:22:01Z
date: Sun, 28 Apr 2024 04:22:00 GMT
X-Firefox-Spdy: h2

66.220.9.48/favicon.ico

66.220.9.48

200 OK

632 B

URL GET HTTP/1.1
66.220.9.48/favicon.ico
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
632 B (632 bytes)
Hash
6180e1e78d81a501dbcd507912d95168
cef70c3f424a323b3803a64696333c14328a9311
bebe55213f4ff5bf3e522dc9452e8a6a59b76b1f575518a0a444cd10f3ef0a86

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=psqyvlmccijty5zslne5svsp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/x-ico
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:25:30 GMT
Accept-Ranges: bytes
ETag: 637674135307878801
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:01 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:01 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:01 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:22:01 GMT

bat.bing.com/action/0?ti=5164291&Ver=2&mid=92046558-1abd-49dd-b356-5b2e42750c50&sid=dc5f8cc0051611efbae2d1e4f45e2a19&vid=dc5fa3c0051611efb3087be46b4aa4ad&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=CameraFTP%3A%20Leading%20Cloud%20Surveillance,%20Storage%20%26%20Security%20Service.%20Live%20Monitoring,%20Playback,%20Streaming,%20Broadcasting&kw=Cloud%20recording,%20cloud%20surveillance,%20IP%20camera%20storage,%20camera%20cloud%20storage,%20cam%20cloud,%20network%20camera,%20DVR%20storage,%20backup%20DVR,%20backup%20camera%20storage,%20home%20monitoring,%20home%20security,%20Camera%20Viewer,%20Camera%20Live%20View,%20Camera%20Recording,%20live%20streaming&p=https%3A%2F%2F66.220.9.48%2F&r=&lt=204&evt=pageLoad&sv=1&rn=881463

204.79.197.237

204 No Content

0 B

URL GET HTTP/2
bat.bing.com/action/0?ti=5164291&Ver=2&mid=92046558-1abd-49dd-b356-5b2e42750c50&sid=dc5f8cc0051611efbae2d1e4f45e2a19&vid=dc5fa3c0051611efb3087be46b4aa4ad&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=CameraFTP%3A%20Leading%20Cloud%20Surveillance,%20Storage%20%26%20Security%20Service.%20Live%20Monitoring,%20Playback,%20Streaming,%20Broadcasting&kw=Cloud%20recording,%20cloud%20surveillance,%20IP%20camera%20storage,%20camera%20cloud%20storage,%20cam%20cloud,%20network%20camera,%20DVR%20storage,%20backup%20DVR,%20backup%20camera%20storage,%20home%20monitoring,%20home%20security,%20Camera%20Viewer,%20Camera%20Live%20View,%20Camera%20Recording,%20live%20streaming&p=https%3A%2F%2F66.220.9.48%2F&r=&lt=204&evt=pageLoad&sv=1&rn=881463
IP
204.79.197.237:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://66.220.9.48/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint3E:63:C2:B1:20:9D:0D:E8:68:D6:14:A0:1C:3C:24:7A:03:72:6E:06
ValiditySat, 27 Apr 2024 01:55:15 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=5164291&Ver=2&mid=92046558-1abd-49dd-b356-5b2e42750c50&sid=dc5f8cc0051611efbae2d1e4f45e2a19&vid=dc5fa3c0051611efb3087be46b4aa4ad&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=CameraFTP%3A%20Leading%20Cloud%20Surveillance,%20Storage%20%26%20Security%20Service.%20Live%20Monitoring,%20Playback,%20Streaming,%20Broadcasting&kw=Cloud%20recording,%20cloud%20surveillance,%20IP%20camera%20storage,%20camera%20cloud%20storage,%20cam%20cloud,%20network%20camera,%20DVR%20storage,%20backup%20DVR,%20backup%20camera%20storage,%20home%20monitoring,%20home%20security,%20Camera%20Viewer,%20Camera%20Live%20View,%20Camera%20Recording,%20live%20streaming&p=https%3A%2F%2F66.220.9.48%2F&r=&lt=204&evt=pageLoad&sv=1&rn=881463 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=11B79693A75B6FBA205B82FCA6AE6E09; domain=.bing.com; expires=Fri, 23-May-2025 04:22:01 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71658F0E6AB1437E9DAFCC1BD4482344 Ref B: OSL30EDGE0505 Ref C: 2024-04-28T04:22:01Z
date: Sun, 28 Apr 2024 04:22:00 GMT
X-Firefox-Spdy: h2

bat.bing.com/p/action/5164291.js

204.79.197.237

204 No Content

0 B

URL GET HTTP/2
bat.bing.com/p/action/5164291.js
IP
204.79.197.237:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://66.220.9.48/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint3E:63:C2:B1:20:9D:0D:E8:68:D6:14:A0:1C:3C:24:7A:03:72:6E:06
ValiditySat, 27 Apr 2024 01:55:15 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/5164291.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 276D042D759B4B0095F983450F5D0513 Ref B: OSL30EDGE0505 Ref C: 2024-04-28T04:22:01Z
date: Sun, 28 Apr 2024 04:22:00 GMT
X-Firefox-Spdy: h2

66.220.9.48/Images/bay.JPG

66.220.9.48

200 OK

951 kB

URL GET HTTP/1.1
66.220.9.48/Images/bay.JPG
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, manufacturer=NIKON CORPORATION, model=NIKON D5100, orientation=upper-left, xresolution=152, yresolution=160, resolutionunit=2, software=QuickTime 7.6.6, datetime=2014:04:07 10:17:27], baseline, precision 8, 2000x1325, components 3
Size
951 kB (950764 bytes)
Hash
b622e3e1b4f4d8ae89667b3ff0c5282a
f680bcf4fbc47924f93124175739564376c07528
0b457b60d230b4efde76bc5ecc1902f4817e0e6e8c55126d8b821a1728100d2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/bay.JPG HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: image/jpeg
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 01:27:26 GMT
Accept-Ranges: bytes
ETag: 637674136466123186
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: refID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
srcID=0; expires=Wed, 28-Aug-2024 04:22:00 GMT; path=/; secure; HttpOnly
ServerUTCDateOffset=-25200000; expires=Sun, 28-Apr-2024 08:22:00 GMT; path=/; secure
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

accounts.google.com/gsi/status?client_id=656779963598-b7hgbegha876uf350rnmps1stv8gomkv.apps.googleusercontent.com&as=OOlWtb%2FbKjOt0yK7xxVvdg

173.194.221.84

403 Forbidden

5.5 kB

URL GET HTTP/3
accounts.google.com/gsi/status?client_id=656779963598-b7hgbegha876uf350rnmps1stv8gomkv.apps.googleusercontent.com&as=OOlWtb%2FbKjOt0yK7xxVvdg
IP
173.194.221.84:443
ASN
#15169 GOOGLE

Requested by
https://66.220.9.48/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
gzip compressed data, max compression
Size
5.5 kB (5544 bytes)
Hash
f0d9e84ba6455ffddf033806624624f9
d8da7027eebc71488b9735a32963af17f5865a3b
6b1da9d77d8026cd59c6502e8aa9267e24260f03378adb5d3e3074efd3367c04

HTTP Headers

GET /gsi/status?client_id=656779963598-b7hgbegha876uf350rnmps1stv8gomkv.apps.googleusercontent.com&as=OOlWtb%2FbKjOt0yK7xxVvdg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://66.220.9.48
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: application/json; charset=utf-8
x-content-type-options: nosniff
access-control-allow-origin: https://66.220.9.48
access-control-allow-credentials: true
access-control-allow-methods: GET
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 Apr 2024 04:22:02 GMT
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-G6JMXWSolLUOcU_qAzdIgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

66.220.9.48/Css/sansation_bold-webfont.woff

66.220.9.48

200 OK

17 kB

URL GET HTTP/1.1
66.220.9.48/Css/sansation_bold-webfont.woff
IP
66.220.9.48:443
ASN
#6939 HURRICANE

Requested by
https://66.220.9.48/
Certificate
IssuerGlobalSign nv-sa
Subject*.cameraftp.com
Fingerprint56:D5:37:5F:8B:D1:CC:E3:3C:C2:2C:DC:7D:AC:EE:C0:78:06:04:97
ValiditySat, 08 Jul 2023 22:14:25 GMT - Thu, 08 Aug 2024 22:14:24 GMT

File type
Web Open Font Format, TrueType, length 16668, version 1.0
Size
17 kB (16668 bytes)
Hash
99833248a2388a14094ee56aa17bb531
c4b02bec02c58b919e36c60a533718a61c988e24
ba751c96d19ef35db5b8dcc1bb6b295e44b9f910d8c0aeb5059f3f60ecef12c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Css/sansation_bold-webfont.woff HTTP/1.1
Host: 66.220.9.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/Css/global.css
Cookie: randID=1751445828610815030; refID=0; srcID=0; ServerUTCDateOffset=-25200000; ASP.NET_SessionId=2ahhwipujbubsog0zi343d0q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16668
Content-Type: %0d%0a			application/x-font-woff%0d%0a
Last-Modified: Fri, 17 Sep 2021 01:25:47 GMT
Accept-Ranges: bytes
ETag: 637674135472738687
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 28 Apr 2024 04:21:59 GMT

accounts.google.com/gsi/style

173.194.221.84

200 OK

530 B

URL GET HTTP/3
accounts.google.com/gsi/style
IP
173.194.221.84:443
ASN
#15169 GOOGLE

Requested by
https://66.220.9.48/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
ASCII text, with very long lines (530), with no line terminators
Size
530 B (530 bytes)
Hash
6ce3c682ce6b9e0b88670395a63345c8
8cbfc0856a52320e3567792dfe2487748ac07458
524f1ea2ac242c6fae3c1cc52c7ae7d05a8a7db466fe3c7b46e8efcfc2d95e53

HTTP Headers

GET /gsi/style HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
expires: Sun, 28 Apr 2024 04:22:02 GMT
date: Sun, 28 Apr 2024 04:22:02 GMT
cache-control: private, max-age=86400
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: script-src 'nonce-HrQpi7EmrvohUBAazXxX0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

accounts.google.com/gsi/client

173.194.221.84

200 OK

220 kB

URL GET HTTP/2
accounts.google.com/gsi/client
IP
173.194.221.84:443
ASN
#15169 GOOGLE

Requested by
https://66.220.9.48/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint24:73:6B:52:47:71:E2:CB:E3:4E:89:44:4B:29:D9:F4:C2:A0:F1:14
ValidityMon, 08 Apr 2024 07:33:55 GMT - Mon, 01 Jul 2024 07:33:54 GMT

File type
JavaScript source, ASCII text, with very long lines (2899)
Size
220 kB (219641 bytes)
Hash
fae94bc2946e030cb4ecadb58d7099fb
5d218e0ff6ea391a8db0ddcd1d6944aa6ecfecf6
4daf16be97b54b6f4965267c01cd2d0618f6cd35a15dfa2820963e7c7620ea7c

HTTP Headers

GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Sun, 28 Apr 2024 04:22:01 GMT
date: Sun, 28 Apr 2024 04:22:01 GMT
cache-control: private, max-age=1800
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-BcufDC7mluJUU_T7oVM5AA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

seal-blue.bbb.org/legacy.min.css

68.70.204.1

200 OK

3.0 kB

URL GET HTTP/2
seal-blue.bbb.org/legacy.min.css
IP
68.70.204.1:443
ASN
#44239 proinity GmbH

Requested by
https://66.220.9.48/
Certificate
IssuerDigiCert Inc
Subject*.bbb.org
Fingerprint53:C9:A6:EB:96:50:F7:DF:29:44:1C:9A:A1:DC:AB:75:F4:B9:7D:AB
ValidityThu, 04 Apr 2024 00:00:00 GMT - Fri, 25 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (2987), with no line terminators
Size
3.0 kB (2987 bytes)
Hash
d82bcfc55c830cd612f1791a08c61a58
65d21e1c132a9bbd5f9a125cd789ef7bc172ef8a
687a68a1f30ee3ce6f18f262eb8dec5a69c560cc9dcd7c1ba94572da4420ac32

HTTP Headers

GET /legacy.min.css HTTP/1.1
Host: seal-blue.bbb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66.220.9.48/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: keycdn
date: Sun, 28 Apr 2024 04:22:02 GMT
content-type: text/css
cache-control: max-age=14400
last-modified: Fri, 15 Apr 2022 18:17:43 GMT
etag: W/"c598a219f550d81:0"
x-robots-tag: noindex
x-powered-by: ASP.NET
expires: Sun, 28 Apr 2024 08:22:02 GMT
content-encoding: gzip
x-cache: HIT
x-shield: active
x-edge-location: defr
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML