Report - 34.125.225.70

Report Overview

Submitted URL
34.125.225.70
IP
34.125.225.70
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-05-07 05:00:47
Access
public
Website Title
Unam Web Panel — Login
Final URL
34.125.225.70/pages/login.php
Tags
botpanel malware
urlquery detections
Malware - Botnet panel

Detections

urlquery
16
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
34.125.225.70	unknown	unknown	No data	No data	5.8 kB	312 kB	34.125.225.70

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed
2024-05-07	medium	34.125.225.70	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-05-06	medium	34.125.225.70/pages/login.php	Unknown malware

JavaScript (5)

	URL	Size	First Seen	Last Seen
	34.125.225.70/__UNAM_LIB/unam_lib.js	952 B	2023-03-08	2024-05-16
Pretty URL 34.125.225.70/__UNAM_LIB/unam_lib.js IP 34.125.225.70 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:22:52 Last Seen2024-05-16 20:19:24 Times Seen409 Hash 8c7fb12cb6f7e2df13448f35fcc57fb4 d21730a298168b00466ccf8d73232794c789bc23 203a6503c36c58ca3a61da4107de3834e15419b1f5540b98e7ff2c503b01e2ee Loading...

	34.125.225.70/pages/login.php	0 B	2023-03-07	2024-05-19
Pretty URL 34.125.225.70/pages/login.php IP 34.125.225.70 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 13:13:54 Times Seen37826617 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	34.125.225.70/assets/modules/jquery/jquery-3.7.1.min.js	88 kB	2023-08-31	2024-05-19
Pretty URL 34.125.225.70/assets/modules/jquery/jquery-3.7.1.min.js IP 34.125.225.70 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03:19 Last Seen2024-05-19 12:09:00 Times Seen9787 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	34.125.225.70/assets/modules/izitoast/iziToast.min.js	18 kB	2023-03-07	2024-05-16
Pretty URL 34.125.225.70/assets/modules/izitoast/iziToast.min.js IP 34.125.225.70 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2024-05-16 20:19:24 Times Seen670 Hash df383d4feeb05ea8bfe86a0569ef0524 c6fd53b0a4abc2b73f55025ecb28d2eb65db93d4 df6d4fc52f8f3af6ef59c215a1165e4667f7daaedf4c5409db56d7c133564446 Loading...

	34.125.225.70/assets/modules/select2/select2.min.js	71 kB	2023-03-08	2024-05-16
Pretty URL 34.125.225.70/assets/modules/select2/select2.min.js IP 34.125.225.70 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:22:52 Last Seen2024-05-16 20:19:24 Times Seen431 Hash 37dd3c4be796c3e4d2914e336fc84624 efd00b3c59b9093335cfcc043fa0576587676636 d7a7379926f63b11f218a615443f004d03fc499bc1baf50d4142b1b2a76c3772 Loading...

HTTP Transactions (15)

URL IP Response Size

34.125.225.70/

34.125.225.70

302 Found

0 B

URL User Request GET HTTP/1.1
34.125.225.70/
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Tue, 07 May 2024 05:00:22 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-FGaGi/Oh43a0hp2w0g5iCw=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none';
Feature-Policy: geolocation 'none'; microphone 'none'; camera 'none'
Permissions-Policy: geolocation=(), microphone=(), camera=()
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Robots-Tag: noindex, nofollow
Cross-Origin-Resource-Policy: same-origin
Set-Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: pages/login.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

34.125.225.70/pages/login.php

34.125.225.70

1.2 kB

URL User Request GET
34.125.225.70/pages/login.php
IP
34.125.225.70:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document, ASCII text, with very long lines (324), with CRLF line terminators
Size
1.2 kB (1239 bytes)
Hash
a8965c92d69bfa7df745d24fd0766c04
ef08cb4356958255a787abffd912cbd71f56df72
211788d3972e981ccfdb4c798d9e5f22bd52e6bf80917e8838fc68840bd7dd8c

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/login.php HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-9PMNOHyuEky8RDJOGk2wjA=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none';
Feature-Policy: geolocation 'none'; microphone 'none'; camera 'none'
Permissions-Policy: geolocation=(), microphone=(), camera=()
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Robots-Tag: noindex, nofollow
Cross-Origin-Resource-Policy: same-origin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1239
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

34.125.225.70/assets/modules/fontawesome-free/css/fontawesome.min.css

34.125.225.70

200 OK

13 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/fontawesome-free/css/fontawesome.min.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with very long lines (57726), with CRLF line terminators
Size
13 kB (12586 bytes)
Hash
bb747d04bc4c8aa452bb9bd91ae47935
9039d9584b2e8f55f9da771dcf1b4854b6633e14
e0351876703417eb2a9985cb15ecf9910966d2941e7c61c8f3907a2834c38383

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/fontawesome-free/css/fontawesome.min.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "e23c-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12586
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

34.125.225.70/assets/modules/fontawesome-free/css/solid.min.css

34.125.225.70

200 OK

312 B

URL GET HTTP/1.1
34.125.225.70/assets/modules/fontawesome-free/css/solid.min.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with very long lines (483), with CRLF line terminators
Size
312 B (312 bytes)
Hash
3b659e3d10259f2c31001fee050aeb63
b4be4363d60981bd76c578190333414f0b91407c
7854d8e44687343f7178f324562de684a174684f0e92c66ce00d4c4bf1795fc1

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/fontawesome-free/css/solid.min.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "2a1-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

34.125.225.70/assets/css/custom.css

34.125.225.70

200 OK

1.4 kB

URL GET HTTP/1.1
34.125.225.70/assets/css/custom.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
assembler source, ASCII text, with CRLF line terminators
Size
1.4 kB (1426 bytes)
Hash
1123383213092643b28c31c521a184ef
5a584dd8aa499f0f0d97734b5f1c6a20444d77a4
19567504a2faa9db6515f2323aeb58f0892db85b0fca2a3cb7ffea243369d43f

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/custom.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 05 Feb 2024 05:50:20 GMT
ETag: "14ce-6109c0976ff00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1426
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

34.125.225.70/assets/modules/izitoast/iziToast.min.js

34.125.225.70

200 OK

5.1 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/izitoast/iziToast.min.js
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (18398), with CRLF line terminators
Size
5.1 kB (5080 bytes)
Hash
df383d4feeb05ea8bfe86a0569ef0524
c6fd53b0a4abc2b73f55025ecb28d2eb65db93d4
df6d4fc52f8f3af6ef59c215a1165e4667f7daaedf4c5409db56d7c133564446

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/izitoast/iziToast.min.js HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "4836-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5080
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

34.125.225.70/assets/modules/select2/select2.min.js

34.125.225.70

200 OK

20 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/select2/select2.min.js
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64130), with CRLF line terminators
Size
20 kB (19907 bytes)
Hash
37dd3c4be796c3e4d2914e336fc84624
efd00b3c59b9093335cfcc043fa0576587676636
d7a7379926f63b11f218a615443f004d03fc499bc1baf50d4142b1b2a76c3772

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/select2/select2.min.js HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "114c4-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19907
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

34.125.225.70/__UNAM_LIB/unam_lib.js

34.125.225.70

200 OK

389 B

URL GET HTTP/1.1
34.125.225.70/__UNAM_LIB/unam_lib.js
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with CRLF line terminators
Size
389 B (389 bytes)
Hash
8c7fb12cb6f7e2df13448f35fcc57fb4
d21730a298168b00466ccf8d73232794c789bc23
203a6503c36c58ca3a61da4107de3834e15419b1f5540b98e7ff2c503b01e2ee

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__UNAM_LIB/unam_lib.js HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "3b8-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 389
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

34.125.225.70/assets/modules/izitoast/iziToast.min.css

34.125.225.70

200 OK

10 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/izitoast/iziToast.min.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with very long lines (41419), with CRLF line terminators
Size
10 kB (10437 bytes)
Hash
b2f7bdc3ed47f5956551ce0333925792
d2c6cd54cf8a6c040c28844b306543b76eeab8b8
7fa7d6e3b4039b59b4d4721ea7e523a42a4dc0b56405829df9f8696f8550fa01

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/izitoast/iziToast.min.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "a221-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10437
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

34.125.225.70/assets/modules/select2/select2.min.css

34.125.225.70

200 OK

2.0 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/select2/select2.min.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with very long lines (14965), with CRLF line terminators
Size
2.0 kB (2000 bytes)
Hash
ba5948c0bda0f5f26bd3068ce565deaa
6d28595693ce13f1a79db7d5c73bd82b13cf63b5
c2a282dd6dac10a3fbf469b4e67f489608777854e6d157bf11233dfbaa16851e

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/select2/select2.min.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "3a77-5dde6c1d91800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2000
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

34.125.225.70/assets/modules/jquery/jquery-3.7.1.min.js

34.125.225.70

200 OK

30 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/jquery/jquery-3.7.1.min.js
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30362 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/jquery/jquery-3.7.1.min.js HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 15 Jan 2024 00:26:30 GMT
ETag: "155ed-60ef110add980-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30362
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

34.125.225.70/assets/css/adminlte.min.css

34.125.225.70

200 OK

122 kB

URL GET HTTP/1.1
34.125.225.70/assets/css/adminlte.min.css
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
ASCII text, with very long lines (65148), with CRLF line terminators
Size
122 kB (121678 bytes)
Hash
efd25adb317155ad5b5e3ab8a9a692dd
db0afb70249f3787a94bd4e97ebda0878191d394
8777aaf5d50b19f517d03349f82ac8634fac8d2d4ef71a715fead6a43435ee25

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/adminlte.min.css HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 20 Dec 2022 17:52:50 GMT
ETag: "151a4a-5f0461ab50080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

34.125.225.70/assets/fonts/sourcesanspro-regular-webfont.woff2

34.125.225.70

200 OK

20 kB

URL GET HTTP/1.1
34.125.225.70/assets/fonts/sourcesanspro-regular-webfont.woff2
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
Web Open Font Format (Version 2), TrueType, length 20540, version 2.2949
Size
20 kB (20540 bytes)
Hash
d67b548b833d70dda3779916f5415e7e
f1d3b0c478384a35f0766d9d1839aea81a164b3f
8792619becd8b285e78f14bfcf1ad66e2adbae0f5ec8ad131246621f806ac535

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/sourcesanspro-regular-webfont.woff2 HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.125.225.70/assets/css/custom.css
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:24 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 03 Feb 2024 04:44:42 GMT
ETag: "503c-61072e30f2280"
Accept-Ranges: bytes
Content-Length: 20540
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

34.125.225.70/assets/img/favicon.png

34.125.225.70

200 OK

1.8 kB

URL GET HTTP/1.1
34.125.225.70/assets/img/favicon.png
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
PNG image data, 120 x 120, 8-bit colormap, non-interlaced
Size
1.8 kB (1846 bytes)
Hash
596af1ae4b10854e334121133691325b
ccbaa5ee0def372ae2d791e7c0666e5777c75198
576d5210ef7bd676fff12be80fd61b793c5acdc618b4734f2da4cd638966e496

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon.png HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:24 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "736-5dde6c1d91800"
Accept-Ranges: bytes
Content-Length: 1846
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

34.125.225.70/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2

34.125.225.70

200 OK

78 kB

URL GET HTTP/1.1
34.125.225.70/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
IP
34.125.225.70:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.125.225.70/pages/login.php

File type
Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261
Size
78 kB (78196 bytes)
Hash
e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 34.125.225.70
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.125.225.70/assets/modules/fontawesome-free/css/solid.min.css
Cookie: PHPSESSID=inju09hmivstlvnk66opugihhp
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:00:24 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 30 Apr 2022 22:34:08 GMT
ETag: "13174-5dde6c1d91800"
Accept-Ranges: bytes
Content-Length: 78196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP