{"report_id":"2895a445-1d82-49de-a892-2a35e9cc9e86","version":6,"status":"done","tags":["malware","botpanel"],"date":"2023-10-04T15:11:48Z","url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":""},"ip":{"addr":"107.175.91.120","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"title":"Login"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T20:49:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"107.175.91.120","ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-10-03 17:09:43","last_seen":"2023-10-03 17:09:59","alert_count":29,"request_count":10,"received_data":9992,"sent_data":4279,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null}]}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-10-04T15:11:29.491Z","timestamp":1696432289491,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/ HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f; path=/\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":113,"dns":0,"connect":129,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/bootstrap/dist/css/bootstrap.min.css","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.916Z","timestamp":1696432289916,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/bootstrap/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.944Z","timestamp":1696432289944,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":145,"dns":0,"connect":182,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/bootstrap/dist/js/tether.min.js","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.939Z","timestamp":1696432289939,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/bootstrap/dist/js/tether.min.js HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":150,"dns":0,"connect":184,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/plugins/sweetalert/dist/sweetalert.css","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.922Z","timestamp":1696432289922,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/plugins/sweetalert/dist/sweetalert.css HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":167,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.918Z","timestamp":1696432289918,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":171,"dns":0,"connect":180,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/bootstrap/dist/js/bootstrap.min.js","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.941Z","timestamp":1696432289941,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/bootstrap/dist/js/bootstrap.min.js HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":475,"timings":{"blocked":148,"dns":0,"connect":185,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/plugins/sweetalert/dist/sweetalert.min.js","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.945Z","timestamp":1696432289945,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/plugins/sweetalert/dist/sweetalert.min.js HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":144,"dns":0,"connect":0,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/cdg/login.php/plugins/bower_components/jquery/dist/jquery.min.js","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:29.923Z","timestamp":1696432289923,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdg/login.php/plugins/bower_components/jquery/dist/jquery.min.js HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Oct 2023 15:11:29 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 699\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":699,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"fe63b1c5a4c1cef5831e1c53fea96819","sha1":"85d83d158b35a42c8f02d75618d624ea9ae5e0d1","sha256":"66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59","sha512":"10fecac3aa7c6e55d3f1c0693433f431157f54b87a9703ade3b4077973678ee95f30f360b5d0fd81d5125f3c4b5d7a87d70198483a8c6493442227b3b6dd089c","ssdeep":"","tlshash":"1e41400b71c80da9007248eca6795188faead007d657d50870fd2beb6ffbf4aa873145","first_seen":"2023-04-19T14:21:39Z","last_seen":"2025-12-06T04:58:04.49073Z","times_seen":49,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":301,"dns":0,"connect":0,"send":0,"wait":134,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"","tags":["malware","botpanel"],"meta":null}]}},{"url":{"schema":"http","addr":"107.175.91.120/favicon.ico","fqdn":"107.175.91.120","domain":"107.175.91.120","tld":"120"},"ip":{"addr":"107.175.91.120","port":80,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://107.175.91.120/cdg/login.php/","date":"2023-10-04T15:11:30.402Z","timestamp":1696432290402,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 107.175.91.120\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://107.175.91.120/cdg/login.php/\r\nCookie: PHPSESSID=jfo648k45tabldltr8hn8rtj9f\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Wed, 04 Oct 2023 15:11:30 GMT\r\nServer: Apache\r\nContent-Length: 196\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-05T14:56:24.943802Z","times_seen":90180,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":131,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2023-10-04","alert":"Agent Tesla","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Agent Tesla","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-10-04","alert":"Sinkholed","trigger":"107.175.91.120","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}