Report - 222.99.27.132/

Report Overview

Submitted URL
222.99.27.132/
IP
222.99.27.132
ASN
#4766 Korea Telecom
Submitted
2023-02-04 23:42:39
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
72

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
222.99.27.132	unknown			7.0 kB	674 kB	222.99.27.132
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.163.1.35
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	41 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	222.99.27.132/	Malware
2023-02-04	medium	222.99.27.132/js/json.js	Malware
2023-02-04	medium	222.99.27.132/js/jquery.qrcode.min.js	Malware
2023-02-04	medium	222.99.27.132/js/qrcode.js	Malware
2023-02-04	medium	222.99.27.132/js/jquery-1.11.1.min.js	Malware
2023-02-04	medium	222.99.27.132/js/jcookie.js	Malware
2023-02-04	medium	222.99.27.132/ligerUI/js/ligerui.min.js	Malware
2023-02-04	medium	222.99.27.132/js/CProgress.js	Malware
2023-02-04	medium	222.99.27.132/js/common.js	Malware
2023-02-04	medium	222.99.27.132/js/class.js	Malware
2023-02-04	medium	222.99.27.132/js/main.js	Malware
2023-02-04	medium	222.99.27.132/js/language.js	Malware
2023-02-04	medium	222.99.27.132/html/webplugin.html	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed
2023-02-04	medium	222.99.27.132	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	222.99.27.132/js/common.js	36 kB	2023-03-08	2024-02-12
Pretty URL 222.99.27.132/js/common.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:43:22 Last Seen2024-02-12 19:57:36 Times Seen60 Hash a3c990a3d85712a38204c1c43ba491f5 907d276eba21cbc7e88056bb0128645560908f31 ed29a91df3e38dcaea13f2797b92b687bb3047f50e1d60ffb74e903efda9e64e Loading...

	222.99.27.132/js/language.js	127 kB	2023-03-08	2024-02-12
Pretty URL 222.99.27.132/js/language.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:43:22 Last Seen2024-02-12 19:57:36 Times Seen60 Hash 7380e1d733ba653f953c011e03dfc1de e621eb2703d14af8492be3444a1120dabb693391 e04826143b53b119224fcfa801a7f141fb054081902a58aea5af7ea72696a17b Loading...

	222.99.27.132/js/main.js	91 kB	2023-03-08	2023-03-29
Pretty URL 222.99.27.132/js/main.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:14:25 Last Seen2023-03-29 23:00:08 Times Seen3 Hash 00b679488a90b8b76c14a08e91c5a14d d6c474dbdc1c283e4cb13925d48a7ac324116f81 d9559c4f591bdd9338cc93492b66def27b523aaf8665dd5f6d29a705bdce0f01 Loading...

	222.99.27.132/js/qrcode.js	28 kB	2023-03-07	2024-03-02
Pretty URL 222.99.27.132/js/qrcode.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:51 Last Seen2024-03-02 12:05:29 Times Seen487 Hash 2cfb76dea8f3f4710f8ea1748b194ceb e52905594f898d470f5febeab1e847106da121aa 8aa7a76905121bb11504ede33557f03f375cfcd5d9777eb68579426086840d0a Loading...

	222.99.27.132/js/class.js	62 kB	2023-03-08	2023-03-29
Pretty URL 222.99.27.132/js/class.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:43:21 Last Seen2023-03-29 23:00:08 Times Seen4 Hash fa08f2cd379ccc20185f8748028cb447 09aaa650580f020cba21069f7567eeb2df068f89 84980d877ea441baf105edd9f58d4e10304b591fe25c36db26f485f6d29adf20 Loading...

	222.99.27.132/js/jcookie.js	1.7 kB	2023-03-07	2024-02-28
Pretty URL 222.99.27.132/js/jcookie.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:30 Last Seen2024-02-28 00:50:31 Times Seen423 Hash f2310f3108ac77f804b8d85a50d20915 bac1b13a6d66c8714865f8c86b0649186fd11ea7 d41818c43a35ca5cd31f95fae6d34daee46ca8e58a5b00c08950218d3d82efeb Loading...

	222.99.27.132/js/CProgress.js	2.4 kB	2023-03-07	2024-02-28
Pretty URL 222.99.27.132/js/CProgress.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:34 Last Seen2024-02-28 00:50:31 Times Seen663 Hash bc9e0142e6cb186e59bf3fdf275d1aff 237347d2b2a22767dcf513ead052af80c569afa6 208246414a3fc2e2a52885ea002913749ba455038ee019be51f83865045a78da Loading...

	222.99.27.132/	1.5 kB	2023-03-07	2023-04-05
Pretty URL 222.99.27.132/ IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:31 Last Seen2023-04-05 02:12:01 Times Seen19 Hash 282fc5973d67b6a4ae792dc0f5062415 bc78f72ce952439bf242e19c4cab66062b4f853c 44605fd29bfda355a418707c0a33e78d59a6d2a41fccee4e83022f11fbf46503 Loading...

	222.99.27.132/html/webplugin.html	1.6 kB	2023-03-07	2023-04-05
Pretty URL 222.99.27.132/html/webplugin.html IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:31 Last Seen2023-04-05 02:12:01 Times Seen39 Hash 93b6465128e3f33c8d9a1faa0f83b27e c5996f76ee1cef688145ad0828c2a8888e78911d 26e836b0fdb537c2202b1621b7ebc9ef2981a747edc13918e9fc337a875dce74 Loading...

	222.99.27.132/js/jquery.qrcode.min.js	14 kB	2023-03-07	2024-04-25
Pretty URL 222.99.27.132/js/jquery.qrcode.min.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:08 Last Seen2024-04-25 11:55:32 Times Seen1730 Hash 05f0b1d7d4b9b0b4975870606d650e3c f424bd339870510d1160d1c5da5d698aedbb452e f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d Loading...

	222.99.27.132/	233 B	2023-03-08	2023-03-29
Pretty URL 222.99.27.132/ IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:14:25 Last Seen2023-03-29 23:00:08 Times Seen3 Hash 623018dd46e5049c2337d2d427dc57c3 aa617a820b3ac4e0ebfb296a77f52caad0794873 062158f6a036f4e0baa0dc5fac1ba5b9caafeaf43f1a0989d551238b374e8e97 Loading...

	222.99.27.132/js/json.js	5.0 kB	2023-03-07	2024-04-15
Pretty URL 222.99.27.132/js/json.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:51 Last Seen2024-04-15 00:47:35 Times Seen836 Hash 34f7231a0a213167e801318716261d1e f9383563b79b1df26542b6ede395bb8d1213f904 5b7242ed8e6fe3e6afec7c014b7c66fc1bd68a7b2e0d2706ffaab7876ab8f94a Loading...

	222.99.27.132/js/jquery-1.11.1.min.js	96 kB	2023-03-07	2024-04-25
Pretty URL 222.99.27.132/js/jquery-1.11.1.min.js IP 222.99.27.132 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 17:58:13 Times Seen46344 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 18:34:08 Times Seen37069599 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (41)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12632
Expires: Sun, 05 Feb 2023 03:13:00 GMT
Date: Sat, 04 Feb 2023 23:42:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16175
Expires: Sun, 05 Feb 2023 04:12:03 GMT
Date: Sat, 04 Feb 2023 23:42:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 23:36:16 GMT
content-type: application/json
age: 372
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4385
Expires: Sun, 05 Feb 2023 00:55:33 GMT
Date: Sat, 04 Feb 2023 23:42:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: /bp4kPE1bmthtSeF56tylShjLdcFJWn3z48G7oZA9lZHHtdLdqnOtFcRNOnv7XUEljyKgWL2sOE=
x-amz-request-id: BEHJ0KZPCMHJY5CD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 22:53:01 GMT
age: 2967
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:42:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 23:07:19 GMT
age: 2110
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

222.99.27.132/

222.99.27.132

200 OK

21 kB

URL HTTP/1.1
222.99.27.132/
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
21 kB (21240 bytes)
Hash
645d89cb6e95f59b47b3652686d1ccbe
b16003e62c9927880896920049ecfee4ae23ac91
869cbbe57eee4f0a727a7665d3376d3bde6a2e0f4b1af1a811d74b0921fda4f0

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:00 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 21240
Last-Modified: Fri, 03 Jun 2016 04:19:46 GMT
Content-Type: text/html

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13184
Expires: Sun, 05 Feb 2023 03:22:13 GMT
Date: Sat, 04 Feb 2023 23:42:29 GMT
Connection: keep-alive

222.99.27.132/css/main.css

222.99.27.132

200 OK

16 kB

URL HTTP/1.1
222.99.27.132/css/main.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
16 kB (16313 bytes)
Hash
b945079fcf7b2ec6393b1f8d3a3d5143
015b31477e736adf7f94996efa5dc6be7b221832
9817523153f1cf44fd4116446420665c2857cec08087e889ec63a2c4b5572e90

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/main.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:00 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 16313
Last-Modified: Mon, 23 May 2016 06:17:20 GMT
Content-Type: text/css

222.99.27.132/ligerUI/skins/Aqua/css/ligerui-all.css

222.99.27.132

200 OK

106 B

URL HTTP/1.1
222.99.27.132/ligerUI/skins/Aqua/css/ligerui-all.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text
Size
106 B (106 bytes)
Hash
08915761b35e17f7112b8ffc32a826a0
c4acbe5778eabc1a0c93fc44463661dd3d99e9a8
0b0b364228a46d51cd953a08b51bd8040f4cfdafc06297c12fe61d6f6dd43518

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ligerUI/skins/Aqua/css/ligerui-all.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 106
Last-Modified: Wed, 14 Oct 2015 05:56:46 GMT
Content-Type: text/css

push.services.mozilla.com/

35.163.1.35

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.1.35:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P9On6H+0CsbptM79QbHMrA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BlJj/5R+fqHZW/qKrkMcodTW+DE=

222.99.27.132/html/cfg/css.css

222.99.27.132

200 OK

17 kB

URL HTTP/1.1
222.99.27.132/html/cfg/css.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (428), with CRLF line terminators
Size
17 kB (16742 bytes)
Hash
3eebeb4004edbfc5c7e49ede9a936054
9a63a64d029e511f1700132a7dcd9d00e0d26b88
9d07a04a28137e2a9fad9f9be89f5f24eac35606ccfb143eb25a5e53cdf367de

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /html/cfg/css.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 16742
Last-Modified: Fri, 20 May 2016 02:24:46 GMT
Content-Type: text/css

222.99.27.132/js/json.js

222.99.27.132

200 OK

5.0 kB

URL HTTP/1.1
222.99.27.132/js/json.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text
Size
5.0 kB (4955 bytes)
Hash
34f7231a0a213167e801318716261d1e
f9383563b79b1df26542b6ede395bb8d1213f904
5b7242ed8e6fe3e6afec7c014b7c66fc1bd68a7b2e0d2706ffaab7876ab8f94a

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/json.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 4955
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

222.99.27.132/js/jquery.qrcode.min.js

222.99.27.132

200 OK

14 kB

URL HTTP/1.1
222.99.27.132/js/jquery.qrcode.min.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (544)
Size
14 kB (13995 bytes)
Hash
05f0b1d7d4b9b0b4975870606d650e3c
f424bd339870510d1160d1c5da5d698aedbb452e
f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/jquery.qrcode.min.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 13995
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

222.99.27.132/ligerUI/skins/Aqua/css/ligerui-common.css

222.99.27.132

200 OK

5.4 kB

URL HTTP/1.1
222.99.27.132/ligerUI/skins/Aqua/css/ligerui-common.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (581), with CRLF line terminators
Size
5.4 kB (5379 bytes)
Hash
171c0be8907e5d3e2332fa2c8f8546b4
ef74619e5ca1d0e2233a501df354342fdf44ab1d
7dbcdcf21fac47de56f206c8f4af2ed67b47a8d34aa94796711f3f3ebf4dafb7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ligerUI/skins/Aqua/css/ligerui-common.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/ligerUI/skins/Aqua/css/ligerui-all.css

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 5379
Last-Modified: Wed, 14 Oct 2015 05:56:46 GMT
Content-Type: text/css

222.99.27.132/js/qrcode.js

222.99.27.132

200 OK

28 kB

URL HTTP/1.1
222.99.27.132/js/qrcode.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with CRLF line terminators
Size
28 kB (28476 bytes)
Hash
2cfb76dea8f3f4710f8ea1748b194ceb
e52905594f898d470f5febeab1e847106da121aa
8aa7a76905121bb11504ede33557f03f375cfcd5d9777eb68579426086840d0a

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/qrcode.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 28476
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

222.99.27.132/ligerUI/skins/Aqua/css/ligerui-dialog.css

222.99.27.132

200 OK

12 kB

URL HTTP/1.1
222.99.27.132/ligerUI/skins/Aqua/css/ligerui-dialog.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (305), with CRLF line terminators
Size
12 kB (12263 bytes)
Hash
684721a56d2ed66875c1bf509c9879c6
9b90f903ae0e44ff5a0d4217486be2928eed889b
38eaae1c9346bd246a9a4821b12b7d4261c7cc4db644839df5ecf793015404a8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ligerUI/skins/Aqua/css/ligerui-dialog.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/ligerUI/skins/Aqua/css/ligerui-all.css

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 12263
Last-Modified: Wed, 14 Oct 2015 05:56:46 GMT
Content-Type: text/css

222.99.27.132/ligerUI/skins/Aqua/css/ligerui-grid.css

222.99.27.132

200 OK

16 kB

URL HTTP/1.1
222.99.27.132/ligerUI/skins/Aqua/css/ligerui-grid.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
16 kB (15546 bytes)
Hash
61c53696a660c837f2ff338e133cb438
be733f7d61cd4140a2701bc7ecc0ec8b342ef9fa
2f206b4e1bcb6ce75ba3fb539dc7cd113b0f90da37182f3395cfe61b17d36f3c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ligerUI/skins/Aqua/css/ligerui-grid.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/ligerUI/skins/Aqua/css/ligerui-all.css

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 15546
Last-Modified: Wed, 14 Oct 2015 05:56:46 GMT
Content-Type: text/css

222.99.27.132/js/jquery-1.11.1.min.js

222.99.27.132

200 OK

96 kB

URL HTTP/1.1
222.99.27.132/js/jquery-1.11.1.min.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (32086)
Size
96 kB (95786 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/jquery-1.11.1.min.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 95786
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

222.99.27.132/js/jcookie.js

222.99.27.132

200 OK

1.7 kB

URL HTTP/1.1
222.99.27.132/js/jcookie.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1677 bytes)
Hash
f2310f3108ac77f804b8d85a50d20915
bac1b13a6d66c8714865f8c86b0649186fd11ea7
d41818c43a35ca5cd31f95fae6d34daee46ca8e58a5b00c08950218d3d82efeb

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/jcookie.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 1677
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

222.99.27.132/ligerUI/js/ligerui.min.js

222.99.27.132

200 OK

136 kB

URL HTTP/1.1
222.99.27.132/ligerUI/js/ligerui.min.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ISO-8859 text, with very long lines (4671), with CRLF line terminators
Size
136 kB (135881 bytes)
Hash
6ff162554a4af4bdfc987ef94e118c5d
3e42873f2466a3359f1daf3adbcb50b2a84bf527
8e10fc96a223aed4ba0e6e51c50bb8a780208423f2fd7a2a3754662e0afeeb1d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /ligerUI/js/ligerui.min.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:01 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 135881
Last-Modified: Wed, 14 Oct 2015 05:56:46 GMT
Content-Type: application/javascript

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12094
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:42:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12094
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:42:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12094
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:42:30 GMT
Connection: keep-alive

222.99.27.132/js/CProgress.js

222.99.27.132

200 OK

2.4 kB

URL HTTP/1.1
222.99.27.132/js/CProgress.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
2.4 kB (2400 bytes)
Hash
bc9e0142e6cb186e59bf3fdf275d1aff
237347d2b2a22767dcf513ead052af80c569afa6
208246414a3fc2e2a52885ea002913749ba455038ee019be51f83865045a78da

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/CProgress.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=998
Content-Length: 2400
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: application/javascript

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12094
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:42:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8691 bytes)
Hash
bbb38d805862a1b3081eebf256e0dae0
4a5cb01390d897be8721cd4551c74d0452aff640
02443891d0533f37fe38b16febafc86fa64c457dc1827b97ec535d623486d549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: 51bb839e-c32c-4be9-9f38-7f8044160e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLgFPqIAMFfww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22716-3794126b47a79aed27e1aac4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9du1ien5j1WSLplBzT5AAV-xIPKNgg4-8tdjux_iEGXNGaCcj29Xog==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 03:37:50 GMT
age: 72280
etag: "4a5cb01390d897be8721cd4551c74d0452aff640"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6434 bytes)
Hash
0d632f8be93820b9746f76146fe3ff0e
7e5e9b16819af678ba84ddb6f45c073e659e2f4e
26ad66cf5e4fe4de99ad31b5c4f0fa3d05c085be04610de8ad80989528c100bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6434
x-amzn-requestid: ccf74c35-c654-4a9a-8121-ab27fc4cd862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WWYFbJoAMFgSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f5-10dedb6a287acd2b10cdfdb4;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3bv0yNuzTWh742AZFesuU0caKmg0nMFc3P0bLYkhGd-TAeg5R9W_vQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:24 GMT
age: 5526
etag: "7e5e9b16819af678ba84ddb6f45c073e659e2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3474 bytes)
Hash
d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:58 GMT
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
age: 5492
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

222.99.27.132/js/common.js

222.99.27.132

200 OK

9.3 kB

URL HTTP/1.1
222.99.27.132/js/common.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9290 bytes)
Hash
eaca60722d35484e7cad5e6521465c75
470c81f1cab13436da9f94e97bb152fc9d01ad04
8c75170cdf9f6b97aef972568348aa4e6d67486ad1fdb7aa9d346e1cc8ae9df7

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/common.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 36356
Last-Modified: Tue, 24 May 2016 03:05:54 GMT
Content-Type: application/javascript

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6202 bytes)
Hash
251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 38204
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10905 bytes)
Hash
1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jIvBQjGh9JzWQM0YpEYiqP5CcBrkwqLVjAYhMWJ1P1H0MRkm7kpnpg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:12:06 GMT
age: 5424
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

222.99.27.132/css/login.css

222.99.27.132

200 OK

395 B

URL HTTP/1.1
222.99.27.132/css/login.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with CRLF line terminators
Size
395 B (395 bytes)
Hash
0a2b0765e3de47c3ef327c9cf6e0d22b
613600c7df90eada036d983d1de1de85e3a95988
949043f7877ec027c4efd93ac1c91960dbc8a361f0c970cb5cb5f3f197e0bb04

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/login.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 395
Last-Modified: Wed, 27 Apr 2016 11:08:20 GMT
Content-Type: text/css

222.99.27.132/js/class.js

222.99.27.132

200 OK

62 kB

URL HTTP/1.1
222.99.27.132/js/class.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
62 kB (62285 bytes)
Hash
7be2e66ca205917bdc794242bd814e26
44283afc31ed6babf4e29063e5fcf51398ad4ba7
b78f0110b561e02b3056fbd8bcc514ec8795f46ef19f42a1b170a02b0b0644e3

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/class.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=998
Content-Length: 62285
Last-Modified: Tue, 24 May 2016 03:05:46 GMT
Content-Type: application/javascript

222.99.27.132/css/right.css

222.99.27.132

200 OK

1.6 kB

URL HTTP/1.1
222.99.27.132/css/right.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1559 bytes)
Hash
08f941245d1cfbff1a5633f4971e5c16
1115d0faa3d668d7a87481ff70c09423c379833a
3351958864e7af1dc3fa699188ef7a4baa2423b7c2fcf6bd9060a919ebacf19e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/right.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=997
Content-Length: 1559
Last-Modified: Wed, 14 Oct 2015 05:56:50 GMT
Content-Type: text/css

222.99.27.132/css/left.css

222.99.27.132

200 OK

3.9 kB

URL HTTP/1.1
222.99.27.132/css/left.css
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3893 bytes)
Hash
d470abf739dc53c2ec74bb2b47f2dc20
7213f0ce34319596abf144736bfcda24e63abca6
4b63d3aa46b696755b8bb4db70ea857c40bc039a6363fce576a145a00dc10abf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/left.css HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=998
Content-Length: 3893
Last-Modified: Mon, 23 May 2016 07:32:10 GMT
Content-Type: text/css

222.99.27.132/js/main.js

222.99.27.132

200 OK

91 kB

URL HTTP/1.1
222.99.27.132/js/main.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
91 kB (90748 bytes)
Hash
b9b1524db688dfeb1268de8e751e4137
72caad476efa0d882f9261f45f18a6c7006c6007
6071fa28481994fb68b1a22059438c1ed7552b3d956d8a0203dcbf8b5721bbad

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/main.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=998
Content-Length: 90748
Last-Modified: Fri, 03 Jun 2016 04:22:56 GMT
Content-Type: application/javascript

222.99.27.132/js/language.js

222.99.27.132

200 OK

127 kB

URL HTTP/1.1
222.99.27.132/js/language.js
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
127 kB (126807 bytes)
Hash
7380e1d733ba653f953c011e03dfc1de
e621eb2703d14af8492be3444a1120dabb693391
e04826143b53b119224fcfa801a7f141fb054081902a58aea5af7ea72696a17b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/language.js HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:02 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=999
Content-Length: 126807
Last-Modified: Mon, 23 May 2016 06:25:52 GMT
Content-Type: application/javascript

222.99.27.132/html/webplugin.html

222.99.27.132

200 OK

2.4 kB

URL HTTP/1.1
222.99.27.132/html/webplugin.html
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
2.4 kB (2417 bytes)
Hash
71cba94de7050a3623e425abc3b976d6
c5111b4a571b4ed5ae6b0600c0d05137c5499ec4
1245f2b701d80fad35d82fd18ad7ea53f9195888935b46d98c8cebe5c5a44bfb

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /html/webplugin.html HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:09:03 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=998
Content-Length: 2417
Last-Modified: Fri, 27 Nov 2015 06:41:08 GMT
Content-Type: text/html

222.99.27.132/favicon.ico

222.99.27.132

404 Not Found

0 B

URL HTTP/1.1
222.99.27.132/favicon.ico
IP
222.99.27.132:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 222.99.27.132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://222.99.27.132/html/webplugin.html

HTTP/1.1 404 Not Found
Date: Sat, 04 Feb 2023 23:09:03 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML