200 OK 6.4 kB URL User Request GET HTTP/1.1 IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 598592dab60f79138e63d8157f594f0f
e382434faa79b265998b31cf0abbfebb4a35f4f5
e46a96c76a70a52b82ada2c9560a4374d2055ef76b9d8f644c459379a24fbfd3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /login HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:51 GMT
134.0.213.182:3737/rtl/css/icons.css
200 OK 17 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/css/icons.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type ASCII text, with CRLF line terminators
Hash fdd7f0982244e771a0a56c1cf9ef0c94
c6ae92bc1b57229a15c05e6fbf8291ae3ad76959
eded331ff22cf4c60832b7bb3c835cb77c0a23cbdd4b8f697c47794d05361c67
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/css/icons.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318d8466"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/css/stylesheet_rtl.css
200 OK 8.8 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/css/stylesheet_rtl.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type assembler source, ASCII text, with CRLF line terminators
Hash f743df46991adc590d5b4f06cc47deef
6fd91a5bf0052799d45f2c4c28e5fd454cc2c35a
fc8ce35356e635dfc808365bfd81b57490dc8bbb12cb779cd91ee0de178bb4c6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/css/stylesheet_rtl.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c9345"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/css/upload-input.css
200 OK 1.5 kB URL GET HTTP/1.1 134.0.213.182:3737/css/upload-input.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type assembler source, ASCII text, with CRLF line terminators
Hash d85faf8cd207da43fdfff05bfac2551d
bf8259e0e286c4efa800eb3e3ce69dc332e20f6d
e877cec305205e7adc83351eefb3cb67425bf56181b4fed482109705acc80d33
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/upload-input.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cf7e8"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/css/fileinput.min.css
200 OK 3.7 kB URL GET HTTP/1.1 134.0.213.182:3737/css/fileinput.min.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type assembler source, ASCII text, with CRLF line terminators
Hash a120b2e1403ae2080858c54e0e33e0b0
0bd90193f0954a34f19be73c743a0cf16f9bc262
0cfca0897ea96774f260df3be7e95171367dbebe9e91a5cc91ed24c9d86ba0e7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/fileinput.min.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cd418"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
www.googletagmanager.com/gtag/js?id=G-XCEX0HF4Y2
200 OK 96 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-XCEX0HF4Y2
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (5955)
Hash 4038ca59271c4196bc39998d9e8213f5
5642a9f12efd514a80d4e0fc4b34354c428e6980
166db3d34b856f6d4873204029ed89a166909c29d4fd8514060a67ba0200014e
GET /gtag/js?id=G-XCEX0HF4Y2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:40 GMT
expires: Sat, 04 May 2024 10:09:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
134.0.213.182:3737/css/input-all.min.css
200 OK 16 kB URL GET HTTP/1.1 134.0.213.182:3737/css/input-all.min.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type ASCII text, with CRLF line terminators
Hash 56cb4aca9fd6c4289fa2490808d31583
c539d0cfe4b5505ae751b6308c7de0bed6f823b4
cad8035f3bcb7c8aa09ef5dda083424eb54edb40fdd24e47ed412a3ff403d1cd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/input-all.min.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318dd087"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/progscr/css/bootstrap.css
200 OK 41 kB URL GET HTTP/1.1 134.0.213.182:3737/progscr/css/bootstrap.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type Unicode text, UTF-8 text, with very long lines (562), with CRLF line terminators
Hash 33aaab4101d0d7f7c61b8872b6f070f0
4c071ba3a3ee14e2de8ac8f32bcd4dc26e295ccd
8e9e35c085e443ae2e723f12ebfbe58e320e52cd39cd98a6448909b6c69e2992
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /progscr/css/bootstrap.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318fab00"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
maps.googleapis.com/maps/api/js?key=&libraries=places
200 OK 82 kB URL GET HTTP/2 maps.googleapis.com/maps/api/js?key=&libraries=places
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type JavaScript source, ASCII text, with very long lines (10122)
Hash 61cd474a3c8dc9555a86cfbc919b269e
c537a3c5a2551a2b573d4c8e2d1022028b21c7ca
c577ac0d81cd6b11f3502fc27ebf0b568dd5b39c21df1179ffffbe1900f9011f
GET /maps/api/js?key=&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
timing-allow-origin: *
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 04 May 2024 10:09:40 GMT
server: scaffolding on HTTPServer2
content-length: 81506
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
134.0.213.182:3737/css/all.min.css
200 OK 30 kB URL GET HTTP/1.1 134.0.213.182:3737/css/all.min.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type ASCII text, with very long lines (65312), with CRLF line terminators
Hash 325e1d7dfcb0f98c60b78fefda71689d
1d6aca3583a726ca81c6f7dbaa873db546a4ac1c
d51a966ba8eba952d5e7e673eec9d916aafb7f633028650c7d6cf030647e683e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/all.min.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318d6b1d"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
www.googletagmanager.com/gtag/js?id=G-D7X77KDX9L
200 OK 103 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-D7X77KDX9L
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (5955)
Size 103 kB (102610 bytes)
Hash 7ad282001c106a9cc1040b2d56412ed2
4634eff4b9d2fdd38525e5d27a3783e50c3d03a5
1178d282e641f6274555ed35a3aedc8008cb830fae25cbc45047431213231b02
GET /gtag/js?id=G-D7X77KDX9L HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:40 GMT
expires: Sat, 04 May 2024 10:09:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
134.0.213.182:3737/js/login.js
200 OK 2.4 kB URL GET HTTP/1.1 134.0.213.182:3737/js/login.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash f8f56b27852157cd989af5e80d041be9
072b7ae88532fd9a27ac42c10b3043dbfe38fb8f
8f5a5fae895e91fe00e85ea4c85e73365afe9a1ca9e784b983c7141b596bc89c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/login.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 29 Jan 2024 06:18:12 GMT
Accept-Ranges: bytes
ETag: "1da527aef970986"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/newcss/site.css
200 OK 843 B URL GET HTTP/1.1 134.0.213.182:3737/newcss/site.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash d26c4e6752dafd9a23b5fa4d29f46a5a
adb0d7caa4a42fb39ed72ee5f6589fd4dfc63078
e63b744a98beceeceae9608dc1e62d41351081d8a96c83fadf58d576f9aca75d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /newcss/site.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318ce0f1"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
fonts.googleapis.com/css2?family=Nunito:wght@200;300;400;600;700;800;900&display=swap
200 OK 1.2 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Nunito:wght@200;300;400;600;700;800;900&display=swap
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type gzip compressed data, max compression
Hash f3aa64a46d3ea2a9d81d60ed70489623
fba632a361aa3d9adae429fb8ac0fb2b1829718a
e7dcfbd5dad7f07a45a81f306b554faef9248f198f88043722a27760b26becc4
GET /css2?family=Nunito:wght@200;300;400;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:09:40 GMT
date: Sat, 04 May 2024 10:09:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
134.0.213.182:3737/js/jquery-3.6.1.min.js
200 OK 40 kB URL GET HTTP/1.1 134.0.213.182:3737/js/jquery-3.6.1.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Hash 8f1950538c6051b90dae76087bc65424
f88af5a8061ad3170d0a7155636e798797ef9656
24c7030c50c1045cfefddac2d403f4bb2043b34183f6887f5c88a3e12e0236f9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/jquery-3.6.1.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf32242342"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/js/swal.js
200 OK 16 kB URL GET HTTP/1.1 134.0.213.182:3737/js/swal.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (46350), with no line terminators
Hash b16b5b4edca3f7ac7a43d115780769be
160b3c2469c302e0139026405baed980368b4832
0b2eb418ff3365837a0b9abb58296256709d735f1967c126675ee37b8032d640
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/swal.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf3225c811"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/css/style.css
200 OK 206 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/css/style.css
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type assembler source, ASCII text, with CRLF line terminators
Size 206 kB (205608 bytes)
Hash 1a8384320b81c45f6a83d05c8f03c127
40ea77b28643469c53fac9af1014880a00678374
791f4e2cb02b54259f427ab6fa8974613f4e746abf8558a3f67228019b4969ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/css/style.css HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf3184157d"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/jquery-migrate-3.0.0.min.js
200 OK 3.2 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/jquery-migrate-3.0.0.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (6986), with CRLF line terminators
Hash 809b0656a1474373ca3e71d573f1b0f5
cf29c3d8cf1ce28f65c7c1fa10b436dfaf8448cc
a44b5727bd453959ba8f2ae37fd2359272b730ada09e80fb2a5bbffd086ef075
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/jquery-migrate-3.0.0.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cfd2c"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/js/popper.min.js
200 OK 9.8 kB URL GET HTTP/1.1 134.0.213.182:3737/js/popper.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (24542), with CRLF line terminators
Hash 6296c1bb6ee13b9a2ca568c2b28f19d8
233338746c9da60de4250ea5ac8c8a89907973c1
0300f0e04abbeae9c04ce60231ddbefee05674d5526c88fb6008010c59ead324
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/popper.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf32251d3d"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/mmenu.min.js
200 OK 11 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/mmenu.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (499), with CRLF line terminators
Hash 16da4d32d90fa911eb3ac078b923a6ba
f037e90a22c2edb88f67aab236b0414708f5cf38
0450f10b9999d5bcdfba8e3239813c22bfe59eedea4fc4d8137921475aac239e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/mmenu.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c7a2d"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/tippy.all.min.js
200 OK 19 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/tippy.all.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (53031), with CRLF line terminators
Hash f47c51e4352645b75703de2dd46c0d0e
acfe2faa7b5e62594cd49fadc21753c0975fd378
ad80e6c8625c1a6dbe8d1fb8552b9e1ed95b03fa0cd36e70a5c153a7c3b70083
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/tippy.all.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c29a9"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/lib/bootstrap/dist/js/bootstrap.min.js
200 OK 21 kB URL GET HTTP/1.1 134.0.213.182:3737/lib/bootstrap/dist/js/bootstrap.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (57791), with CRLF line terminators
Hash 0a958254db529f99f475080fe2a6dcdb
eebc17246f2beda813dd3372593cc54a152f9cb4
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lib/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c045e"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/bootstrap-slider.min.js
200 OK 11 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/bootstrap-slider.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (32018), with CRLF line terminators
Hash 3466dba21baa2eff6d00133943e8c7aa
6a14a3b321a9d366454e72888ae7d9d62a003bbf
650d2ed3ea191226ab907359c10bd159e29bbb8bac8337f642d08790f89daab6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/bootstrap-slider.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c6176"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/snackbar.js
200 OK 1.9 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/snackbar.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with CRLF line terminators
Hash 6833608ee2e0fe907feab12b5da95ab3
c6e4349b20ad416aad878ab990765eaec9633f15
6a68735fe03a0741c23ca3b2e986f7e78e918c249e6e439b846687f683aafff1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/snackbar.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cf104"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/simplebar.min.js
200 OK 12 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/simplebar.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (21045), with CRLF line terminators
Hash 0fb1f5b886787a013ae596ed8e24fdc4
5ad4e29c0aa4b663660c098552e75928021391cd
d893bdeca114e53b2f9a61c2d8452e2a8e877f21ed57c0684578946f8b309b00
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/simplebar.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c9b80"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/bootstrap-select.min.js
200 OK 13 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/bootstrap-select.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (32004), with CRLF line terminators
Hash ded249501dd5a8ecd173b5f72892a30b
637b5437f08fad6be5016ea4aa8e395141359e3c
0f81dfb10a7f46fd54e82ee9fe77ef063e1e6b18e449c38b0e123b4b85d84a11
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/bootstrap-select.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c6a42"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:53 GMT
134.0.213.182:3737/rtl/js/clipboard.min.js
200 OK 4.0 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/clipboard.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (10553), with CRLF line terminators
Hash 1ebaf9d368dbe738ca4f12464fbd4159
0fce4b2be9f9fc1746f66fa6c25a57ef26a182b6
fccb95fa48165975fe324075682a1f897b946d3a4b15f4a6935e6ae5bb8be4ab
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/clipboard.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318ccf2c"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/counterup.min.js
200 OK 5.0 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/counterup.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (7808), with CRLF line terminators
Hash 920fc2db5379487605f9869bcd91c3af
007f0416ce30bcf6f3f7a6cceed1640ef12a983f
14173c7f7db475bea459f51fc4f4d7803048e7e7760a25ba53022bdbedf7df92
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/counterup.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cd5bf"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/magnific-popup.min.js
200 OK 9.4 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/magnific-popup.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (21007), with CRLF line terminators
Hash 674cbb3eb5a0bdceb26f7ee2d4beb530
e66183bcb7b87d84f8b0fc9a7153596c8bff7bd8
74cd5cfea9b65cb0532f326ab66d272c37c20175437fed537d26ae0176942182
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/magnific-popup.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cb413"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/maps.js
200 OK 5.5 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/maps.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (674), with CRLF line terminators
Hash e8ca0bc9b766d88538d2061afef27889
ef8cf7cbe86584ec764f27fb366b490089c91e86
bd6b31c03e0076f67f3d2f4688e9253ed08e444eec2ea04b7af5eeb1b3e2f3ee
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/maps.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cbc0e"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/custom_jquery.js
200 OK 10 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/custom_jquery.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with CRLF line terminators
Hash 5fc35d43d9099e40225c7647ffbe1142
df397f8a2dd7906166a35fc63ca672dcd6c57b52
ce1c5901e5ae12d5a5b028fba7d10cc4f11baaf789b18c6afe7cad63b720e038
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/custom_jquery.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c4d75"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/js/logout.js
200 OK 243 B URL GET HTTP/1.1 134.0.213.182:3737/js/logout.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 0769622485205149c28347b4c4d8da67
24441fe45993ee22260a37fb0c88b43502ac4ad8
9e1658e704dd1e53c807fd56af671a1dfcd4a803ca6a3b96e2a32e031e8cfe90
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/logout.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf32257dbf"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/markerclusterer.js
200 OK 10 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/markerclusterer.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with CRLF line terminators
Hash 5acc53f676437998aa01a07e1dc7a3d2
617b17b9b4d61ff6ff40e19573e479053204dacd
1b7a97409d471790fef990026c5b8e1a3d6d499390c48222188748a6ba11e744
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/markerclusterer.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c6eb5"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/infobox.min.js
200 OK 3.5 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/infobox.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (5986), with no line terminators
Hash 16a98d81a862c7951c82a88727fe1311
7a677be4227184173660b6f4bc98d881f33fa487
a1f01d3106b7787d8c187297656eabf20c84273b2265d5f00645460c600f45d0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/infobox.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cf1e2"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/js/slick.min.js
200 OK 14 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/js/slick.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (42862), with CRLF line terminators
Hash 777da4aaf5b960636dec0fd4e50ba489
9a94038ccae90e6d2a0f9cb61f79ae7c70320287
e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/js/slick.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c41f0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/js/masterconfiguration.js
200 OK 1.3 kB URL GET HTTP/1.1 134.0.213.182:3737/js/masterconfiguration.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 85ba476072d86e2cd720dd08a3e6281e
b4353e6349b68bb2faa97de8074ea9d3db65d229
f2750a2379349c5e89b1fb5802d6b055a0892cfdb40bc031a59c08c7fc593395
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/masterconfiguration.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Apr 2024 05:57:50 GMT
Accept-Ranges: bytes
ETag: "1da96d581290945"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/~/wwwroot/font/Tajawal-Regular.ttf
404 Not Found 458 B URL GET HTTP/1.1 134.0.213.182:3737/~/wwwroot/font/Tajawal-Regular.ttf
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type ASCII text, with CRLF line terminators
Hash 1f2082c77e14f2bc97930b0bc9abec5c
1fffa340db62c7cd8ac439fad277b75134f741d7
c61cb6225bf03d0f590d9dce7d6737a24ae9a9fecdd09359530afe59dbb2cf71
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /~/wwwroot/font/Tajawal-Regular.ttf HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
www.googletagmanager.com/gtag/js?id=G-PHJTWMY5RK&l=dataLayer&cx=c
200 OK 102 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-PHJTWMY5RK&l=dataLayer&cx=c
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (5955)
Size 102 kB (101646 bytes)
Hash aec81fb580e84817ba80e1ad98d82c7c
a3dbda70d1e51f7bbf44ea415ce8b61ce46b8766
d8032e11e6d96b60990418c9c6c24d677caca5dc288d07e103e754c9fbdebc76
GET /gtag/js?id=G-PHJTWMY5RK&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:41 GMT
expires: Sat, 04 May 2024 10:09:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101646
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
134.0.213.182:3737/js/upload-input.js
200 OK 66 kB URL GET HTTP/1.1 134.0.213.182:3737/js/upload-input.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with very long lines (390), with CRLF line terminators
Hash 4121e3902c827407383df2930831e02f
bf94221d0a65a2c37761377948ec08f6ed41b040
c566977ead0f19cf8499d6d5df29c5b65030e606c88f25f380be50c16c507b48
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/upload-input.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf3226dbe6"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/img/Makeen%20Logo%20Final-ai.png
200 OK 40 kB URL GET HTTP/1.1 134.0.213.182:3737/img/Makeen%20Logo%20Final-ai.png
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type PNG image data, 1054 x 389, 8-bit/color RGBA, non-interlaced
Hash b8e104ae455fd76b499458004fda578d
068329df35a9e5b0fbcd8c65ee1554b550a3c829
4cc112d829a7e7b49bd409072572c5d6abef592aa0dff53ffdb510af74f850ea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/Makeen%20Logo%20Final-ai.png HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 39934
Content-Type: image/png
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c7d7e"
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/js/sortable.min.js
200 OK 24 kB URL GET HTTP/1.1 134.0.213.182:3737/js/sortable.min.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type JavaScript source, ASCII text, with CRLF line terminators
Hash f232dc04d16588a96dacfb824a5e3756
e550a90a15c28e32b0d51874d0f4eecba2ca9158
8bc624acbe13b09d40ec41111c62f249b3e8c124b274182fc17551d9ca62095d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/sortable.min.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 30 Jul 2023 08:24:02 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf32243ebb"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/js/acknowledgement.js
200 OK 662 B URL GET HTTP/1.1 134.0.213.182:3737/js/acknowledgement.js
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 70fde6cd686f3cba7e74dd739d0fa199
6c9b520a5c55e9f9b9bee081f666047380424457
f70ebae297b3b11edcc99199a293f84a689feb9d7e48e2300b994679f6fac568
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/acknowledgement.js HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 08 Jan 2024 05:40:34 GMT
Accept-Ranges: bytes
ETag: "1da41f5330afc50"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/img/Makeen%20Logo%20Final-ai-white.png
200 OK 32 kB URL GET HTTP/1.1 134.0.213.182:3737/img/Makeen%20Logo%20Final-ai-white.png
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type PNG image data, 1003 x 376, 8-bit/color RGBA, non-interlaced
Hash 9815101d5e47cb151b0f40d2aea55016
03d29ce4986dc8d5675d0fb0d0de6ba84d4dc95e
693b0efa90f1826de7083eff3ce23d1910f037417aead739466a2882446822c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/Makeen%20Logo%20Final-ai-white.png HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 32415
Content-Type: image/png
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c981f"
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/font/Tajawal-Regular.ttf
200 OK 55 kB URL GET HTTP/1.1 134.0.213.182:3737/font/Tajawal-Regular.ttf
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type TrueType Font data, 15 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, (c) 2017 by Boutros International. All rights reserved.TajawalRegular1.000;1bou;Tajawal-RegularV
Hash d8304accb48d86d9361ad30569823a0d
f3c4f85dad20e30f20878022d0a26568555b7f97
497f243d6ef4f4360d55d4ebd474d5c9dc4d0891426e162f34fa37e7c37d90b5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /font/Tajawal-Regular.ttf HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/newcss/site.css
Cookie: _ga_XCEX0HF4Y2=GS1.1.1714817381.1.0.1714817381.0.0.0; _ga=GA1.1.1470798505.1714817381
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 55072
Content-Type: application/x-font-ttf
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c31a0"
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
200 OK 23 B URL GET HTTP/3 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://134.0.213.182:3737
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 04 May 2024 10:09:41 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: http://134.0.213.182:3737
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
134.0.213.182:3737/img/Makeen%20Logo%20Final%20small.png
200 OK 10 kB URL GET HTTP/1.1 134.0.213.182:3737/img/Makeen%20Logo%20Final%20small.png
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type PNG image data, 351 x 389, 8-bit/color RGBA, non-interlaced
Hash c4a30f350bb83d0e87e5656a9fb759b1
68674c69313651e04978df28eaa58935e584aa87
39203506baf730b09a4ab19e035e3bd59548c3ca2a3956746671f0d082e35b68
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/Makeen%20Logo%20Final%20small.png HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/login
Cookie: _ga_XCEX0HF4Y2=GS1.1.1714817381.1.0.1714817381.0.0.0; _ga=GA1.1.1470798505.1714817381; _ga_D7X77KDX9L=GS1.1.1714817381.1.0.1714817381.0.0.0; _ga_PHJTWMY5RK=GS1.1.1714817381.1.0.1714817381.0.0.0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 10469
Content-Type: image/png
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318cce65"
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
134.0.213.182:3737/rtl/fonts/Feather-Icons.ttf?7ncawf
200 OK 65 kB URL GET HTTP/1.1 134.0.213.182:3737/rtl/fonts/Feather-Icons.ttf?7ncawf
IP
ASN #28885 Oman Telecommunications Company (S.A.O.G)
Requested by http://134.0.213.182:3737/login
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, Feather-Icons
Hash 3eb9decb545cb1d9bf6415db49050f51
226a6783e54d86783c8d101b69c5aeea16461a38
41feee4bd25fc0558549eaadbc6a9db100a07805d4a562c9e7dd1c12d6780fb3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rtl/fonts/Feather-Icons.ttf?7ncawf HTTP/1.1
Host: 134.0.213.182:3737
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/rtl/css/icons.css
Cookie: _ga_XCEX0HF4Y2=GS1.1.1714817381.1.0.1714817381.0.0.0; _ga=GA1.1.1470798505.1714817381; _ga_D7X77KDX9L=GS1.1.1714817381.1.0.1714817381.0.0.0; _ga_PHJTWMY5RK=GS1.1.1714817381.1.0.1714817381.0.0.0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 65180
Content-Type: application/x-font-ttf
Last-Modified: Sun, 30 Jul 2023 08:24:01 GMT
Accept-Ranges: bytes
ETag: "1d9c2bf318c181c"
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Date: Sat, 04 May 2024 10:07:54 GMT
maps.googleapis.com/maps-api-v3/api/js/56/11/common.js
200 OK 57 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/56/11/common.js
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type JavaScript source, ASCII text, with very long lines (7036)
Hash c539ef27b29c256473721ade9a64cdf3
ff1d3c458af547b8ade347dca5d395b2f179a96a
69c1875ee6d8b36898661ebf5c49d5763a83e26c8cf353889283867c4dbffc6b
GET /maps-api-v3/api/js/56/11/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
timing-allow-origin: *
content-length: 57228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:01:06 GMT
expires: Fri, 02 May 2025 18:01:06 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 04:26:55 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 144520
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/56/11/util.js
200 OK 57 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/56/11/util.js
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type JavaScript source, ASCII text, with very long lines (562)
Hash 6b83f9fe82267b670ae8b10a07772c75
c7d70e3dc62c283fc1adfbf6797a684058ef18a2
30879513240591048e7ebec42b40fe68b006b44515b60c3dde3a0919d154ac25
GET /maps-api-v3/api/js/56/11/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
timing-allow-origin: *
content-length: 57227
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 09:00:17 GMT
expires: Sat, 03 May 2025 09:00:17 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 04:26:55 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 90569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
unpkg.com/boxicons@2.1.4/css/boxicons.min.css
200 OK 68 kB URL GET HTTP/2 unpkg.com/boxicons@2.1.4/css/boxicons.min.css
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 886ed8dd06c506c77cf226f4506b3c00
207fcedcbff6a05bb21711b173d879fc0416cd2d
620eea24b0cee1d8cc8395c80f295cf2e7b6fab962493c26b49a8d42b63a4dc9
GET /boxicons@2.1.4/css/boxicons.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:40 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "109bc-IH/O3L/2oFuyFxGxc9h5/AQWzS0"
via: 1.1 fly.io
fly-request-id: 01HWR4V5MM4EQ85800S7J1KZVB-arn
cf-cache-status: HIT
age: 315038
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e7b2521ff4568b-OSL
X-Firefox-Spdy: h2
unpkg.com/aos@2.3.1/dist/aos.js
200 OK 14 kB URL GET HTTP/2 unpkg.com/aos@2.3.1/dist/aos.js
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type JavaScript source, ASCII text, with very long lines (14239), with no line terminators
Hash 70b4897108480dbe11c443c2ab7679c9
70dbfd38a0f1fc3b1a7d9fadab58786484c34f17
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
GET /aos@2.3.1/dist/aos.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:40 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Thu, 17 May 2018 22:11:13 GMT
etag: "379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
via: 1.1 fly.io
fly-request-id: 01HWR4V0DAS96HY7329QE7KJFZ-arn
cf-cache-status: HIT
age: 315042
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e7b2522803568b-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
200 OK 23 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type ASCII text, with very long lines (1572)
Hash edc63a7359b3961a3ec9870794533c77
43b093eae58243c6ab8f491a8475b5f2de2b52a5
9a2d8b2d5c6ff24f9613926f193921377e2845260b63f64cb2b3223006427532
GET /css?family=Open+Sans:400,600,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:09:40 GMT
date: Sat, 04 May 2024 10:09:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unpkg.com/aos@2.3.1/dist/aos.css
200 OK 26 kB URL GET HTTP/2 unpkg.com/aos@2.3.1/dist/aos.css
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type ASCII text, with very long lines (26053), with no line terminators
Hash 847da8fca8060ca1a70f976aab1210b9
0557d37454b67f42f2cb101e57e5070fb1193570
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
GET /aos@2.3.1/dist/aos.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:40 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Thu, 17 May 2018 22:11:13 GMT
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
via: 1.1 fly.io
fly-request-id: 01HWQWRTV4SST6S1JY46JMBW7K-arn
cf-cache-status: HIT
age: 323503
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e7b2521ffc568b-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito:300,400,600,700,800&display=swap
200 OK 8.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Nunito:300,400,600,700,800&display=swap
IP
Requested by http://134.0.213.182:3737/login
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type ASCII text, with very long lines (9045), with no line terminators
Hash d12a50125eb8b1cf4174631eb6db34e5
041e4c3a75b8b0ecd689c7d1eb11e9d0391f8a3d
f830284d989106291fe61da815678a080e9de5cb9eab5ea38a33a581a4789cb9
GET /css?family=Nunito:300,400,600,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://134.0.213.182:3737/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:09:40 GMT
date: Sat, 04 May 2024 10:09:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
134.0.213.182
142.250.74.168
104.17.249.203