Report - 54.68.76.231/login.php

Report Overview

Visited public
2023-10-04 09:29:22
Tags
Submit Tags
URL
54.68.76.231/login.php
Finishing URL
54.68.76.231/login.php
IP / ASN
54.68.76.231
#16509 AMAZON-02
Title
EIDEWS | Yemen

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
54.68.76.231	unknown	unknown	No data	No data	9.6 kB	461 kB	54.68.76.231
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-03 20:33:07	374 B	1.3 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-04 00:35:55	1.4 kB	148 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed
2023-10-04	medium	54.68.76.231	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	54.68.76.231/common/assets/admin/pages/scripts/login.js	ScriptElement	8.2 kB	2023-10-04	2023-10-04
Pretty URL 54.68.76.231/common/assets/admin/pages/scripts/login.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-04 11:29 Last Seen2023-10-04 11:29 Times Seen1 Hash bd5ce989016ef5ee4cf1e16a27bee866 f803a4c07b39db12a1f0bacab598e85939ef53a8 2340027cc368df26e62d9fd3468b1b48ace93ae217446fe6b9a17df48ab48c23 Loading...

	54.68.76.231/common/assets/global/plugins/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-07-01
Pretty URL 54.68.76.231/common/assets/global/plugins/jquery.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:50 Last Seen2025-07-01 09:53 Times Seen282 Hash 00f66eada2c54b64a3f632747ce1fe2d a4837154098ac13ccd72e08fd25d7bcf76826986 100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1 Loading...

	54.68.76.231/common/assets/global/plugins/jquery-migrate.min.js	ScriptElement	7.2 kB	2023-03-07	2025-07-02
Pretty URL 54.68.76.231/common/assets/global/plugins/jquery-migrate.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-07-02 04:07 Times Seen2492 Hash 512b871a2830e44259bc3ce3343afcd0 875bce76a77590c3c438bbc6e014b39c23c8c88d c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c Loading...

	54.68.76.231/common/assets/global/plugins/bootstrap/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-07-02
Pretty URL 54.68.76.231/common/assets/global/plugins/bootstrap/js/bootstrap.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-02 04:24 Times Seen7216 Hash 4becdc9104623e891fbb9d38bba01be4 6c264e0e0026ab5ece49350c6a8812398e696cbb 4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327 Loading...

	54.68.76.231/common/assets/global/scripts/metronic.js	ScriptElement	39 kB	2023-10-04	2025-05-03
Pretty URL 54.68.76.231/common/assets/global/scripts/metronic.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-04 11:29 Last Seen2025-05-03 18:45 Times Seen10 Hash 2d6b3ed78ff5be3f571ec62e9fc64515 0d15afe052317f3a9530b14a2fca665dc8b61f1d 56c710ac49fd65d31a30bd08a9e4a2aaaa2c007f6354ab9a9b7ec72d39432e76 Loading...

	54.68.76.231/common/assets/admin/layout/scripts/layout.js	ScriptElement	24 kB	2023-03-13	2025-05-03
Pretty URL 54.68.76.231/common/assets/admin/layout/scripts/layout.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:05 Last Seen2025-05-03 18:45 Times Seen10 Hash 74e4d0c9f1c2557222284575180cbc65 24ae05f9ad7cf69af94ff4df25383be123207164 a535858c85a4dfb797a262ee8d055da86da779ad6d4ff925a9250994ebad8abe Loading...

	54.68.76.231/common/assets/admin/layout/scripts/demo.js	ScriptElement	12 kB	2023-03-13	2024-11-09
Pretty URL 54.68.76.231/common/assets/admin/layout/scripts/demo.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:05 Last Seen2024-11-09 11:03 Times Seen14 Hash 88a5b5315cf920fb73c6bb8b10c7a3e4 b966dd33f88aeeffc55e0ae99f8914fffac63e38 8ec903838b71de657b6abecd79f4f5bdf65b96c852f085778e29b5f76d72cc8f Loading...

	54.68.76.231/login.php	ScriptElement	161 B	2024-08-21	2024-08-21
Pretty URL 54.68.76.231/login.php IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:15 Last Seen2024-08-21 05:15 Times Seen1 Hash d1447353cf79ce6cc355ac0b1409a782 ba1bb09f13a89837e03c01207f7749300eafbbc7 97c19850263d25b4fddc1bcac1f4309b4e712bcdffbfdd5fe1d67046649d381c Loading...

	54.68.76.231/common/assets/global/plugins/jquery.blockui.min.js	ScriptElement	9.5 kB	2023-03-10	2025-06-22
Pretty URL 54.68.76.231/common/assets/global/plugins/jquery.blockui.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 15:59 Last Seen2025-06-22 06:34 Times Seen61 Hash e93890fc8e1c9a7f83e7e2792537638d 85a478afc9f58e970e46810ef2c2bed06ea1cd46 0ebf9304d33dde79d3d520bea55d9058c282c3b75d275905ae977e6a301ad229 Loading...

	54.68.76.231/common/assets/global/plugins/uniform/jquery.uniform.min.js	ScriptElement	8.3 kB	2023-03-07	2025-07-02
Pretty URL 54.68.76.231/common/assets/global/plugins/uniform/jquery.uniform.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-07-02 00:33 Times Seen469 Hash 2842654782a75cbbc8cd66c60b72631d ef3a49fe1bcf31cca95cdee5563928a850a1b154 8a41d60f7762f2db0792fd909c3c09725f93d8fe1e94efcb2ca04293921e277a Loading...

	54.68.76.231/common/assets/global/plugins/jquery.cokie.min.js	ScriptElement	1.4 kB	2023-03-08	2025-06-22
Pretty URL 54.68.76.231/common/assets/global/plugins/jquery.cokie.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:52 Last Seen2025-06-22 06:34 Times Seen52 Hash 335dc8b45be6c669fdac8352b6d6a397 1e51856ebaa80a68d3db9c3ff7d7a6908d87bbb5 31134bea21a8908c70a21963924ee071b14cbce866dc8010432a349f17e23ae2 Loading...

	54.68.76.231/common/assets/global/plugins/jquery-validation/js/jquery.validate.min.js	ScriptElement	21 kB	2023-04-06	2025-06-30
Pretty URL 54.68.76.231/common/assets/global/plugins/jquery-validation/js/jquery.validate.min.js IP 54.68.76.231 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 21:12 Last Seen2025-06-30 02:31 Times Seen287 Hash 3c43ece3914ba205adce6a10fbfd0828 9a40a00ab7fe8c5993238fe9c4c6547c2dafb134 f075a7a9741e59caf10c40e916d8cbd01a4f1a6baed1f4d15b5019606e303e70 Loading...

HTTP Transactions (30)

URL IP Response Size

54.68.76.231/

54.68.76.231

197 B

URL
54.68.76.231/
IP
54.68.76.231:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
197 B (197 bytes)
Hash
ee9a348f720f5f0b7e2ce647ba1dff7f
982874b55c8ad23cd054f71293abe3a15cd9d34e
06fef24f1c713a02482ab7abeb6af081e7a541885531d1031738a702f876a898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:07 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 197
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET 54.68.76.231/login.php

54.68.76.231

5.2 kB

URL User Request GET
54.68.76.231/login.php
IP
54.68.76.231:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.2 kB (5168 bytes)
Hash
0ee3521790b36233eb98055d38560f37
9d62d446d7bbddbd9ef3f0a40610e50820e675e8
b366aa68d0d76f3061eb59a46f068c74b70ee2055ab72ae26dd71e9d33343d24

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:07 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5168
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all

142.250.74.106

200 OK

759 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
IP
142.250.74.106:80
ASN
#15169 GOOGLE

Requested by
http://54.68.76.231/login.php

File type
ASCII text
Size
759 B (759 bytes)
Hash
66a9ca8b0ece6f4e4c26e7698c44b93f
aa4016a0f88f822f5bceb251ef4d44a2070bc42f
e51ad7199e9e3f5f57fea10eda63e260e1aa75b7931ce146231485340509c76a

HTTP Headers

GET /css?family=Open+Sans:400,300,600,700&subset=all HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 04 Oct 2023 09:29:08 GMT
Date: Wed, 04 Oct 2023 09:29:08 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

GET 54.68.76.231/common/assets/global/plugins/font-awesome/css/font-awesome.min.css

54.68.76.231

200 OK

5.4 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/font-awesome/css/font-awesome.min.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (23577)
Size
5.4 kB (5443 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:56:17 GMT
ETag: "5cbb-586806a112e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5443
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/global/plugins/uniform/css/uniform.default.css

54.68.76.231

200 OK

2.2 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/uniform/css/uniform.default.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text
Size
2.2 kB (2203 bytes)
Hash
c526c6ad1d502a949bb8c2eaa513ad0e
485783614d1dd48dbce31a5bbed9a20e8e066b21
4dff4ca53241810c31e9f71ab3fe58a802fd04d4220b953bd366429bb326849c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/uniform/css/uniform.default.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:53:41 GMT
ETag: "2a63-586b6dc417340-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2203
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/admin/layout/css/themes/default.css

54.68.76.231

200 OK

4.1 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/layout/css/themes/default.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (740), with CRLF line terminators
Size
4.1 kB (4115 bytes)
Hash
3bdd28a6d2768e487f9d170b8930249c
ef26035ab282602f20a2b1ed7d705318f59a3812
44764889f2dd68e937d31e70c49b73e0841430ac31b11706c2bafc1f7fd614a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/layout/css/themes/default.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:45:40 GMT
ETag: "a5f5-5868044195500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4115
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/global/css/plugins.css

54.68.76.231

200 OK

8.7 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/css/plugins.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.7 kB (8714 bytes)
Hash
f6f24bdce3cc4374f8215a712684cb9c
b5165768b7f36ff46ca325179d09d9a1d3ce9b88
d7b0ea0f449ddf3513752a72a7760cd2c6ee71d86b0ba85d069821ed9b18be82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/css/plugins.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:47:37 GMT
ETag: "ca98-586804b129c40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8714
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/admin/pages/css/login2.css

54.68.76.231

200 OK

1.1 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/pages/css/login2.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1072 bytes)
Hash
e478e4770e315525791edd4b4a8fe091
271a868bf05e1f348a9b5963e088db6e653e8b4a
7dcf12592bf0e6a733cda92cc841d9ba0a0ae1a4c8722c607e7364536f32e35d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/pages/css/login2.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:46:35 GMT
ETag: "11aa-58680476090c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1072
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/admin/layout/css/layout.css

54.68.76.231

200 OK

10 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/layout/css/layout.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
10 kB (10101 bytes)
Hash
79c09a0d5e0cd3a37f51eb648fbc7ae7
2adef6ec3572e61ea9afc81ddac7d64707421cdc
35c333ff88b23eea64132f0c714938918b92b6e4e48426a55ce078e3ee20b833

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/layout/css/layout.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:45:02 GMT
ETag: "145a5-5868041d57f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10101
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/admin/layout/css/custom.css

54.68.76.231

200 OK

378 B

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/layout/css/custom.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
378 B (378 bytes)
Hash
57a46270100b879cbe684ded301f4186
dd463ecefe3f18e14b6a4408a25519af857c5eae
b7580cf8e0c3f5851709c16f6081e64677a9d2c9d3317058d85dac552535effa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/layout/css/custom.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:45:02 GMT
ETag: "54d-5868041d57f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 378
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/global/plugins/jquery-migrate.min.js

54.68.76.231

200 OK

3.1 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/jquery-migrate.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (7085), with CRLF line terminators
Size
3.1 kB (3068 bytes)
Hash
512b871a2830e44259bc3ce3343afcd0
875bce76a77590c3c438bbc6e014b39c23c8c88d
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/jquery-migrate.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:56:20 GMT
ETag: "1c20-586b6e5bb9900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3068
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/jquery.blockui.min.js

54.68.76.231

200 OK

3.5 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/jquery.blockui.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (9135), with CRLF line terminators
Size
3.5 kB (3530 bytes)
Hash
e93890fc8e1c9a7f83e7e2792537638d
85a478afc9f58e970e46810ef2c2bed06ea1cd46
0ebf9304d33dde79d3d520bea55d9058c282c3b75d275905ae977e6a301ad229

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/jquery.blockui.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:54:27 GMT
ETag: "2548-586b6deff5ac0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3530
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/bootstrap/js/bootstrap.min.js

54.68.76.231

200 OK

9.7 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/bootstrap/js/bootstrap.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (32034)
Size
9.7 kB (9745 bytes)
Hash
4becdc9104623e891fbb9d38bba01be4
6c264e0e0026ab5ece49350c6a8812398e696cbb
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:59:29 GMT
ETag: "8fd0-586807582de40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9745
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/css/components.css

54.68.76.231

200 OK

43 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/css/components.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (511), with CRLF line terminators
Size
43 kB (43007 bytes)
Hash
841dc42860fbd4a23e0a2c714546ee7a
23356abca92d679ad7a9b9715f88cb3ce17e222a
158d5ddc46798b597eb534c871da4bfb591964420c7de253d3c35c58c23e0b46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/css/components.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:47:36 GMT
ETag: "5f93b-586804b035a00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 43007
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET 54.68.76.231/common/assets/global/plugins/uniform/jquery.uniform.min.js

54.68.76.231

200 OK

3.0 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/uniform/jquery.uniform.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (8308), with no line terminators
Size
3.0 kB (3035 bytes)
Hash
2842654782a75cbbc8cd66c60b72631d
ef3a49fe1bcf31cca95cdee5563928a850a1b154
8a41d60f7762f2db0792fd909c3c09725f93d8fe1e94efcb2ca04293921e277a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/uniform/jquery.uniform.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:53:36 GMT
ETag: "2074-586b6dbf52800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3035
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/jquery.min.js

54.68.76.231

200 OK

33 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/jquery.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (32047), with CRLF line terminators
Size
33 kB (33287 bytes)
Hash
00f66eada2c54b64a3f632747ce1fe2d
a4837154098ac13ccd72e08fd25d7bcf76826986
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/jquery.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 10:02:15 GMT
ETag: "176bd-586b6fae477c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33287
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/scripts/metronic.js

54.68.76.231

200 OK

8.4 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/scripts/metronic.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (338), with CRLF line terminators
Size
8.4 kB (8381 bytes)
Hash
2d6b3ed78ff5be3f571ec62e9fc64515
0d15afe052317f3a9530b14a2fca665dc8b61f1d
56c710ac49fd65d31a30bd08a9e4a2aaaa2c007f6354ab9a9b7ec72d39432e76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/scripts/metronic.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:48:14 GMT
ETag: "97e0-586804d472f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8381
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/jquery.cokie.min.js

54.68.76.231

200 OK

777 B

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/jquery.cokie.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (1143), with CRLF line terminators
Size
777 B (777 bytes)
Hash
335dc8b45be6c669fdac8352b6d6a397
1e51856ebaa80a68d3db9c3ff7d7a6908d87bbb5
31134bea21a8908c70a21963924ee071b14cbce866dc8010432a349f17e23ae2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/jquery.cokie.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:53:51 GMT
ETag: "570-586b6dcda09c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 777
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/jquery-validation/js/jquery.validate.min.js

54.68.76.231

200 OK

6.8 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/jquery-validation/js/jquery.validate.min.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
Unicode text, UTF-8 text, with very long lines (20952), with CRLF line terminators
Size
6.8 kB (6807 bytes)
Hash
37393e7134311accfe3a8ca6e7e96038
57cfd42c3cbbbd7bf7d71e88d7115a883ff7ec28
a1a4b0d05489daed2aa466b2df92fb6ae5749a7f13db41a75c87991bed2fa30d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/jquery-validation/js/jquery.validate.min.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:58:16 GMT
ETag: "5265-586807128fa00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6807
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/admin/layout/scripts/layout.js

54.68.76.231

200 OK

4.5 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/layout/scripts/layout.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
4.5 kB (4464 bytes)
Hash
74e4d0c9f1c2557222284575180cbc65
24ae05f9ad7cf69af94ff4df25383be123207164
a535858c85a4dfb797a262ee8d055da86da779ad6d4ff925a9250994ebad8abe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/layout/scripts/layout.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:45:35 GMT
ETag: "5ed4-5868043cd09c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4464
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/admin/layout/scripts/demo.js

54.68.76.231

200 OK

2.2 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/layout/scripts/demo.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
2.2 kB (2190 bytes)
Hash
88a5b5315cf920fb73c6bb8b10c7a3e4
b966dd33f88aeeffc55e0ae99f8914fffac63e38
8ec903838b71de657b6abecd79f4f5bdf65b96c852f085778e29b5f76d72cc8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/layout/scripts/demo.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:45:35 GMT
ETag: "2db2-5868043cd09c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2190
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/admin/pages/scripts/login.js

54.68.76.231

200 OK

1.4 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/admin/pages/scripts/login.js
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with CRLF line terminators
Size
1.4 kB (1449 bytes)
Hash
bd5ce989016ef5ee4cf1e16a27bee866
f803a4c07b39db12a1f0bacab598e85939ef53a8
2340027cc368df26e62d9fd3468b1b48ace93ae217446fe6b9a17df48ab48c23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/admin/pages/scripts/login.js HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:46:52 GMT
ETag: "200a-586804863f700-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1449
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/javascript

GET 54.68.76.231/common/assets/global/plugins/simple-line-icons/simple-line-icons.min.css

54.68.76.231

404 Not Found

274 B

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/simple-line-icons/simple-line-icons.min.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
94f10cea91f83b718f7c26e74a8c6752
f97480dbd15707a255b28103aaef86c9e0befa0c
15ec98be798ca592d9b75830e0dafc70da8f08b824fdf154c5f04e623fdc4533

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/simple-line-icons/simple-line-icons.min.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 274
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET 54.68.76.231/common/assets/global/plugins/bootstrap/css/bootstrap.min.css

54.68.76.231

200 OK

20 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/bootstrap/css/bootstrap.min.css
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
ASCII text, with very long lines (65371)
Size
20 kB (19883 bytes)
Hash
5d5357cb3704e1f43a1f5bfed2aebf42
08df9a96752852f2cbd310c30facd934e348c2c5
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 14 Apr 2019 16:59:18 GMT
ETag: "1deac-5868074db0580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19883
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

GET fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://54.68.76.231/login.php

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.68.76.231
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48432
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Oct 2023 01:25:50 GMT
Expires: Wed, 02 Oct 2024 01:25:50 GMT
Cache-Control: public, max-age=31536000
Age: 115399
Last-Modified: Thu, 14 Sep 2023 00:40:31 GMT
Content-Type: font/woff2

GET fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://54.68.76.231/login.php

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.68.76.231
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48432
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Oct 2023 01:25:50 GMT
Expires: Wed, 02 Oct 2024 01:25:50 GMT
Cache-Control: public, max-age=31536000
Age: 115399
Last-Modified: Thu, 14 Sep 2023 00:40:31 GMT
Content-Type: font/woff2

GET fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://54.68.76.231/login.php

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://54.68.76.231
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48432
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Oct 2023 01:25:50 GMT
Expires: Wed, 02 Oct 2024 01:25:50 GMT
Cache-Control: public, max-age=31536000
Age: 115399
Last-Modified: Thu, 14 Sep 2023 00:40:31 GMT
Content-Type: font/woff2

GET 54.68.76.231/common/assets/global/plugins/uniform/images/sprite.png

54.68.76.231

200 OK

32 kB

URL GET HTTP/1.1
54.68.76.231/common/assets/global/plugins/uniform/images/sprite.png
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
PNG image data, 493 x 763, 8-bit/color RGBA, non-interlaced\012- data
Size
32 kB (31815 bytes)
Hash
df1806757c37694a921087a7f2b557c8
6ff6e5ef9f45596fc66c1159f288778c62fcab66
c1ed62a9126b48a98651486945795900350a4d0921e9d9d41f3c9b312573c499

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/assets/global/plugins/uniform/images/sprite.png HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/common/assets/global/plugins/uniform/css/uniform.default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2019 09:53:48 GMT
ETag: "7c47-586b6dcac4300"
Accept-Ranges: bytes
Content-Length: 31815
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

GET 54.68.76.231/common/images/eIDEWS_header.gif

54.68.76.231

200 OK

244 kB

URL GET HTTP/1.1
54.68.76.231/common/images/eIDEWS_header.gif
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
PNG image data, 1317 x 197, 8-bit/color RGBA, non-interlaced\012- data
Size
244 kB (243583 bytes)
Hash
9e446f4657fe682933cb0c5d0e734bc2
75dbf0c6c62e2c29610271f7731daf5241c3855d
efb57f209ae83c8427c9ea2711294ef5f31148fa1b99a4fa2f1ee4ead3e98de4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/images/eIDEWS_header.gif HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 09:29:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sat, 07 Aug 2021 19:32:49 GMT
ETag: "3b77f-5c8fd379efa40"
Accept-Ranges: bytes
Content-Length: 243583
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

GET 54.68.76.231/favicon.ico

54.68.76.231

404 Not Found

274 B

URL GET HTTP/1.1
54.68.76.231/favicon.ico
IP
54.68.76.231:80
ASN
#16509 AMAZON-02

Requested by
http://54.68.76.231/login.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
94f10cea91f83b718f7c26e74a8c6752
f97480dbd15707a255b28103aaef86c9e0befa0c
15ec98be798ca592d9b75830e0dafc70da8f08b824fdf154c5f04e623fdc4533

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 54.68.76.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://54.68.76.231/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 04 Oct 2023 09:29:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 274
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by