Report - 79.137.209.71:3000/login

Report Overview

Visited public
2025-06-03 13:10:51
Tags
URL
79.137.209.71:3000/login
Finishing URL
79.137.209.71:3000/login
IP / ASN
79.137.209.71
#12695 LLC Digital Network
Title
Авторизация

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-05-28	446 B	87 kB	142.250.178.106
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-05-28	451 B	7.3 kB	104.17.25.14
79.137.209.71	unknown	unknown	No data	No data	815 B	7.1 kB	79.137.209.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-03	medium	79.137.209.71	Sinkholed
2025-06-03	medium	79.137.209.71	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	79.137.209.71:3000/login	ScriptElement	2.1 kB	2025-06-03	2025-06-03
Pretty URL 79.137.209.71:3000/login IP 79.137.209.71 ASN #12695 LLC Digital Network Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-03 13:10 Last Seen2025-06-03 13:10 Times Seen1 Hash 337385779f1e03ecb0a2019912c6d244 f1f049c1dd306c0e7ca3e2aae4d85a9c21836958 03b99b78801fcc1244220a55c95f1129d615d6937619f44d7fc8b3953fb4b61f Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js	ScriptElement	6.3 kB	2023-03-07	2025-06-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34 Last Seen2025-06-07 06:50 Times Seen203 Hash a6b81a1b266ec15dee03287742c3fd2b 292130bce7267964021f6aed61e114bbbe9cc54e df61117d7806f863533acc213c4fdf87a667c109fc708eb4bedb9d35e30adb1a Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-06-06
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 142.250.178.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-06 01:22 Times Seen10001 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

HTTP Transactions (4)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

142.250.178.106

200 OK

86 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
http://79.137.209.71:3000/login
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32034)
Size
86 kB (86341 bytes)
Hash
d0212568ce69457081dacf84e327fa5c
d6702a1af0378b2342f6a0692e77c169f580aed7
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

HTTP Headers

GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://79.137.209.71:3000/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 May 2025 20:00:22 GMT
expires: Fri, 29 May 2026 20:00:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 407397
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js

104.17.25.14

200 OK

6.3 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://79.137.209.71:3000/login
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
JavaScript source, ASCII text, with very long lines (548)
Size
6.3 kB (6269 bytes)
Hash
a6b81a1b266ec15dee03287742c3fd2b
292130bce7267964021f6aed61e114bbbe9cc54e
df61117d7806f863533acc213c4fdf87a667c109fc708eb4bedb9d35e30adb1a

HTTP Headers

GET /ajax/libs/crypto-js/3.1.2/rollups/md5.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://79.137.209.71:3000/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 03 Jun 2025 13:10:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 2040
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 949f6e111b9e5685-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-187d"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 386295
expires: Sun, 24 May 2026 13:10:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHvPm46GbXR0oB1lmOUH8ZY9B%2BgT5i01c33ryULGwlvAcJ61FR3laPu7UVy1m4sxQEngminZU3dqdDDOx5TQvE1N%2F%2Fe7BEZKReIMm2gL2nJerOqMUUMBxFyBCKuCHHXKlmNqAaRh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

79.137.209.71:3000/favicon.ico

79.137.209.71

404 Not Found

19 B

URL GET
79.137.209.71:3000/favicon.ico
IP
79.137.209.71:3000
ASN
#12695 LLC Digital Network

Requested by
http://79.137.209.71:3000/login

File type
ASCII text
Size
19 B (19 bytes)
Hash
595e88012a6521aae3e12cbebe76eb9e
da3968197e7bf67aa45a77515b52ba2710c5fc34
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 79.137.209.71:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://79.137.209.71:3000/login
Cookie: MacaronSession=aec98a42312d99ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: 
Cache-Control: private, max-age=10
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Tue, 03 Jun 2025 13:05:30 GMT
Server: Goching/release-15.3
Server-Timing: 01;desc="Request Prepearing";dur=0.004, 02;desc="Hash computing";dur=0.005, 03;desc="Cache Request";dur=0.011, 99;desc="Total";dur=0.041
X-Cache: api=false, c=true, hash=326becd51d631f3d7198a101bb90d262, m=true
X-Content-Type-Options: nosniff
X-From-Server: Etery/release-15.3

79.137.209.71:3000/login

79.137.209.71

200 OK

5.9 kB

URL User Request GET
79.137.209.71:3000/login
IP
79.137.209.71:3000
ASN
#12695 LLC Digital Network

File type
JavaScript source, Unicode text, UTF-8 text
Size
5.9 kB (5932 bytes)
Hash
447c9eaab56a80b23749ae2117a5987c
5074bc088a695d0034f2bc2fb4d09c5579fc1bd9
06f709ff41d114e80ee87a66438b6b30347ba0b35cdfc1d18bd14be842807452

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 79.137.209.71:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: 
Cache-Control: private, max-age=191
Content-Encoding: gzip
Content-Length: 1756
Content-Type: text/html; charset=utf-8
Date: Tue, 03 Jun 2025 13:08:30 GMT
Server: Goching/release-15.3
Server-Timing: 01;desc="Request Prepearing";dur=0.004, 02;desc="Hash computing";dur=0.004, 03;desc="Cache Request";dur=0.010, 99;desc="Total";dur=0.037
Set-Cookie: MacaronSession=aec98a42312d99ff; Path=/; HttpOnly
X-Cache: api=false, c=true, hash=4a8695cfbc6a51e41c9cf265581c296f, m=true
X-From-Server: Etery/release-15.3

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers