Report - 85.185.20.208

Report Overview

Submitted URL
85.185.20.208
IP
85.185.20.208
ASN
#58224 Iran Telecommunication Company PJS
Submitted
2024-05-10 11:53:35
Access
public
Website Title
WEB SERVICE
Final URL
85.185.20.208/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
164

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
85.185.20.208	unknown	unknown	No data	No data	32 kB	511 kB	85.185.20.208

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed
2024-05-10	medium	85.185.20.208	Sinkholed

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	85.185.20.208/jsCore/common.js	5.9 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/jsCore/common.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen141 Hash f91f1206ed4eb3b86db715e650a9976b 2aace823ea504ee14ac80fb15fc695afa02be0a7 ff2836f526fc13a923e762b927b7dbb29e9caa4ee92397c2a1b65c0778ed507c Loading...

	85.185.20.208/js/rpcCoreEx.js	574 B	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/rpcCoreEx.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen46 Hash fba9755179d2b810e81d27f47a89b906 c86b6d8191649e68a908c9f46fb2da774e7710ab 092432ae908cd0ce4b6ecbb5f05aeb4b9f8c2e0d9acf916c8617896891b079f7 Loading...

	85.185.20.208/olp.js	1.9 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/olp.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen85 Hash 5c719b34c379d0ba697a10e4c16f4def 83f1c4489f8a3ff69272c288a7f8f56f4d7d7d29 db609e3d11e2b514824510c99cf7aa29592093fdbf6eb31439b640f515e32b32 Loading...

	85.185.20.208/jsCore/base64.js	1.4 kB	2023-03-07	2024-05-20
Pretty URL 85.185.20.208/jsCore/base64.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-20 13:48:52 Times Seen573 Hash 5eff3600464bfd8f5ef4c272907b9549 2a5d22360933506d19d43e00923ed4e21ca31bb8 406d5f2eaf96a6969b0ab8eec948ea8ef4bc5d187af61b4bc0d0f149e06af38f Loading...

	85.185.20.208/js/ptzCtrl.js	2.8 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/ptzCtrl.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen27 Hash c6a43f5e70fa589f20f58a9984f5a8ae 3a70358e74b8805d6014a4779f15853d56bd3c5f 269e88f7a85ffb06b5a320e1a6590cc11b96aee814c0b4cc7d2e9dc7b004ed16 Loading...

	85.185.20.208/jsCore/more.js	27 kB	2023-03-07	2024-05-18
Pretty URL 85.185.20.208/jsCore/more.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-18 20:38:14 Times Seen554 Hash 65946cf7e9842eba5e8ab1a0f9f59f87 3513a23ca7f3a45fb3574fbefd13d44689bf1336 0572aebeccc9ecc7321e83a34af0629bc1a38e8e5bab310440763b1c44f1b04c Loading...

	85.185.20.208/js/eventScript.js	4.4 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/eventScript.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen101 Hash 13989a0d6e12d414e48a5c57c7e7d6bb 5ceace0be0da2d28086ea9bacffe17c148fd3c4e c8c4fa4b09b3c19acd9d1c145a57e861f6bf4f3b8cf4ab583f1c7832d7a6f25a Loading...

	85.185.20.208/js/WindowManager.js	1.0 kB	2023-03-07	2024-05-18
Pretty URL 85.185.20.208/js/WindowManager.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-18 20:38:14 Times Seen118 Hash 8948134ab01a0e1d3644bada337d799a a2d43b6c97a249fb3a911100468a0e8bea97f773 1b7d8a95bba1ec58c74cd1f9b4f7bf2f450ce893444d54f81bcfdd529afa7310 Loading...

	85.185.20.208/jsCore/md5.js	4.1 kB	2023-03-07	2024-05-20
Pretty URL 85.185.20.208/jsCore/md5.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-20 13:48:52 Times Seen584 Hash 2a97dd0b57aa2c62ecdb63f803c9040b ecc3580ac9f03705c2fc04571989cfea1a8def19 d4be5fd6e2d08e3b8ff86980c712d3f3606ec5c1da1a911f215937f35586e282 Loading...

	85.185.20.208/js/playbackindex.js	94 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/playbackindex.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen8 Hash f6b13a6970e1cd0da7ebc7c330bad2b1 b9b3609f8aaf243d5550086a66881fbd6dcea1fe 37768e9737edc1b5336588015cbb77420f7354b7c132aeedb1aaf3dcdc4d2737 Loading...

	85.185.20.208/js/system.js	1.5 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/system.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen122 Hash e7b3e7b23f3aceb03e37e194a9bb7a6b 7aa33625f42506fdcb83d98d24d373d5bdf68175 5d12a1aeb5251f1265c3fc43dabaacac5b361744dd5389e56fc060d692ece2ad Loading...

	85.185.20.208/js/publicFunc.js	49 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/publicFunc.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen36 Hash 65ee67f3bcae5b277aab4a68daa31344 7d03427624d23131f6ab3e46c4d8c1ad448ca20c 0bc194cab2ef1761bfd35e1ca107eacf0139549e571bdde54be548ddccd40da1 Loading...

	85.185.20.208/jsCore/m.js	61 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/jsCore/m.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen101 Hash 8260227d20cd111b7934ad35f804a2fc 78ce64a1f0c49ed5233aefc117d5e2aa641e5523 6c17be503d340b893a88cd33825fe5ff73117f7468103a083aa1ac4a68245b2a Loading...

	85.185.20.208/jsCore/rpcCore.js	35 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/jsCore/rpcCore.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-10 13:53:42 Times Seen292 Hash b32739570884a31de025637ad407edda 1f6118c9eae1fd6967b8f2ac3f54c24dad9a6963 92b509080734b804ef1c56e77f2128e6dd78ddb1b5e8675d4ad7fa9d92f04ac3 Loading...

	85.185.20.208/js/loginEx.js	5.7 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/loginEx.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:51 Last Seen2024-05-10 13:53:42 Times Seen88 Hash 1d37565529f78e11269ee15a1b5df7f6 fdfdbdbc273efe2187f2edb249ab540f743a7b27 65454fbdc3fd4f1b8881246a175b05b6522ce7fd6e3528e92b74871a080c379c Loading...

	85.185.20.208/js/appAbility.js	651 B	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/appAbility.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen45 Hash 33ab525193480b457d46704d12b41192 7cc5c538cf9200dd6600b25bfdcff3d9c4d6d071 38066bf197f5a58958fe7f8cb1b82dad8dc42d2505a3b520b4f0f99c05ae4f0d Loading...

	85.185.20.208/	0 B	2023-03-07	2024-05-20
Pretty URL 85.185.20.208/ IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 21:11:43 Times Seen37892946 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	85.185.20.208/js/Grid.js	1.0 kB	2023-03-07	2024-05-18
Pretty URL 85.185.20.208/js/Grid.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-18 20:38:14 Times Seen120 Hash c182954150918d69cd1e31d99869007f dbd1b45a48763dc8329e2130e937b31668ffb07d ef5e15396d7363c04be5ae40cf173b37f170f019331466753a58a603afa243d7 Loading...

	85.185.20.208/js/previewindex.js	55 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/previewindex.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen6 Hash 829440c7919e8635d20b4db4f45ebbea 8307ba9209cffeab495843c99bd568409265b7ce 57b962514b65dfeba040f7ce3a9c212c149ea59f165a3678ab81eba0aff193d0 Loading...

	85.185.20.208/js/Calendar.js	5.2 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/Calendar.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen88 Hash fbba12342ad67d56f405b5a5cbb10fbd a589e424282b89bcf05a866535d9eab440e3dbf7 ba90dfcf7d0c1760895ee02954340ed7140588a029eb8777a356fea1d98d23d4 Loading...

	unknown	14 B	2023-05-23	2024-05-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-23 11:37:58 Last Seen2024-05-10 13:53:42 Times Seen218 Hash 1f0bd8abf059aea4a2ecb5b3c1a58052 28a80d96102f7a0eea46d036edaec3312910bc3f b827366ba26175441605cdc37f8a7735052cdfec466c2e507bdae7474ddf7370 Loading...

	85.185.20.208/js/qt.js	9.6 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/qt.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen122 Hash ad26b10f14e2f1f9d0354a0186f12466 ed80748a27c79c91a094d1c56f8d5d1d0ce8267e 16f0b8ffccac4c5fce74b6433dcd72e3b0fd54331344691072def0e6084c15f6 Loading...

	85.185.20.208/js/index.js	23 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/index.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen16 Hash 828b718b411e422c2370a8833ca9a648 3522139d99bc75b4cb83cafaa7026f52f65b7ff4 ceade1227a1c4b6d3a86caa0341c6f31af691cc730c642e6e882dfdd8438bd10 Loading...

	unknown	89 B	2023-04-14	2024-05-18
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-14 22:42:06 Last Seen2024-05-18 20:38:13 Times Seen280 Hash 49da9db83405aae23f0786c25cf717d6 41ba4aa507e09a426b03808ecd176a99e23ddbc8 4e20c10ccfc3f15a48b79c7a3f83096ecf7652a385d4f9da834b35e2ad9610ce Loading...

	85.185.20.208/js/PlayControl.js	732 B	2023-03-07	2024-05-18
Pretty URL 85.185.20.208/js/PlayControl.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-18 20:38:13 Times Seen118 Hash 300c9af6e9f3f2318f1de35b8984521b 5601a59ee01b5e848aaab3e025efc419efd8005c 358fd6263a0e7e7467cb29db467aabbbe1f126538839b54feddfcdfe56a46f30 Loading...

	85.185.20.208/html/previewindex.htm?undefined	93 B	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/html/previewindex.htm?undefined IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen75 Hash 9c361de1e233133b7eeee74a6f532106 89c6f88d1d7586ae079f406fcc4ac1b1565d65c4 1e127599a3a5d7e797c9d638af9fbe911d77b527cb9e0678f8d02db6ea87237c Loading...

	85.185.20.208/jsCore/rpcLogin.js	2.3 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/jsCore/rpcLogin.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-10 13:53:42 Times Seen544 Hash 66886606d1e1071bf54963a66d7fe2ef 868ef5ac493c671ae11ef3ab5f9c070ed2eecfb2 84aac27c3861aa158f56037d0c2352771e460aef8cc18a0c1fb6c116e62c6057 Loading...

	85.185.20.208/js/GroupControl.js	4.4 kB	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/GroupControl.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen91 Hash 5fa4847c7097576f4634432c3e9d0461 650555494aa0d82283688a9cb4d4eb6d3f50058e fffd0fc80ad5a54f319a273da9e62b8aaaf8d06783724ac733a75b036e3d6d14 Loading...

	85.185.20.208/cap.js	255 B	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/cap.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:25 Last Seen2024-05-10 13:53:43 Times Seen37 Hash b0a0ae6bde77440dbbc8eadc3d737e84 ef8c5575e69bf54d1f1bcc9c3c6f548c931ee13c 4076bfa33154833847b1cb53dd28c410d33a4fbada784fa2bafe0229af5bbe8a Loading...

	85.185.20.208/js/ft.js	55 B	2023-03-07	2024-05-10
Pretty URL 85.185.20.208/js/ft.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:42 Times Seen99 Hash 3448ffb842ba86cd33989492a9330bc5 3683d49fbfa5870cefddabd3a233722715678c0d e1af24cd8ba759ab3328f0f7e4b5b3f94ea46923bf204c8576168c7a68f27275 Loading...

	85.185.20.208/js/alarmindex.js	4.3 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/alarmindex.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:52 Last Seen2024-05-10 13:53:42 Times Seen71 Hash 6ef810839ed87a016f86ee69d95e2955 74a6bc126d07abacae6b4e26294e652cf7909f95 6bcbfd7784cf8823f9d70b5ca64755f52380e3a371927ddf3c6c73cd4b43f54d Loading...

	85.185.20.208/	0 B	2023-03-07	2024-05-20
Pretty URL 85.185.20.208/ IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 21:11:43 Times Seen37892946 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	85.185.20.208/js/FileList.js	2.9 kB	2023-03-09	2024-05-10
Pretty URL 85.185.20.208/js/FileList.js IP 85.185.20.208 ASN #58224 Iran Telecommunication Company PJS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:12:51 Last Seen2024-05-10 13:53:43 Times Seen34 Hash 81bde31c88bdd7bb8d428c4c06a5bf58 6802a402f426b77e778f17772daa0274cb5728e1 381c2c2d0b73ec1bee23da043271eb2a410598b12e0314868d7c945c5f207497 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2586769738f656a857861faccfe8f736	75 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 13:53:43 Last Seen2024-05-10 13:53:43 Times Seen1 Hash 2586769738f656a857861faccfe8f736 8bf6cbf5bc414132ab3a5135555af21db63ee4a2 b36b118d30aa292d3d671b4e134bee67b2d7e6ec7c7d1fe15b6b0afaf2aa1306 Loading...

		Size	First Seen	Last Seen
	#1 Write - 17bcf5b0be40a534cf8647a997d77f4d	35 B	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 16:22:10 Last Seen2024-05-10 13:53:43 Times Seen85 Hash 17bcf5b0be40a534cf8647a997d77f4d 36cd65e8405d22dbc3e8fcce098a7a38bee5b113 1b68401dd30b7b7a037fe41f016e47bec5fed5b8b8eb9e60049649ae588a0856 Loading...

HTTP Transactions (82)

URL IP Response Size

85.185.20.208/

85.185.20.208

10 kB

URL User Request GET
85.185.20.208/
IP
85.185.20.208:0
ASN
#58224 Iran Telecommunication Company PJS

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
10 kB (10094 bytes)
Hash
51112305a3beee0b212d75926a446b4f
85466d10a31335a8a87af48dfb403d6989bda0e9
5b89154fbd3a83180ef4cf4c4705ea81bbcfa6c37250c62ce3987b3f18fd1e80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 10094
P3P: CP=CAO PSA OUR
CONTENT-TYPE: text/html

85.185.20.208/jsCore/md5.js

85.185.20.208

200 OK

1.6 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/md5.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
OpenPGP Secret Key
Size
1.6 kB (1623 bytes)
Hash
ac32581aa7484ac41ffa93a9b49f3a76
e58f3f9b29e85ceb0131e7e1898e7fb312cb76fe
9ddca40481524361e3b6081ff62c0479d342f5a118bd2cec3cdddd94ef75bc91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/md5.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1623
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/base64.js

85.185.20.208

200 OK

563 B

URL GET HTTP/1.1
85.185.20.208/jsCore/base64.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
563 B (563 bytes)
Hash
8ba26ea431a06be823cd3fc0173ea7f9
927f9fa4c0afce8a886c284dbb740c05f527bfb0
ae958e77f92f2e8d6655c5f814de677c10ac3f77738087eb1ab883e2a1e0e266

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/base64.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 563
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/rpcCore.js

85.185.20.208

200 OK

5.2 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/rpcCore.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
5.2 kB (5161 bytes)
Hash
ff0f7d3c48261d8e3d9a08337f6dcbb4
0b1a05c0cb13b06bcc9577c1b1bbfd8981745666
f9d0a54dd841eed3034a9ef6dfe03ce882d0e3aee0c927063457ccd6c63355dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5161
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/more.js

85.185.20.208

200 OK

7.9 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/more.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
7.9 kB (7927 bytes)
Hash
ae2ac9881141942d49d8fe713be13fe3
b10e883d4809bf7effa6c86c029f750d326c3489
7de60c731fe00a344e5b54d72978748081cd2fe4c1952a517e61a18ddf882980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 7927
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/m.js

85.185.20.208

200 OK

19 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/m.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
19 kB (18807 bytes)
Hash
db39b44306166a07a87e0575853f1fbb
84f8c22038dd1a03698d8ae7c9669d6f30d3e5cc
a2629452ffff157b07f1e7c4fc4f98b5db9862e011d96cefe6e9bae8b313f713

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 18807
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/rpcLogin.js

85.185.20.208

200 OK

894 B

URL GET HTTP/1.1
85.185.20.208/jsCore/rpcLogin.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
894 B (894 bytes)
Hash
69eb1ac5bc72e100aa9386fcaa072948
b07f7601e3a004667958cb20fa38d81f622c576d
f37ee56603d63e95b33f9607f676a06f0214814d790e108bb81d5e27ab235ecd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcLogin.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 894
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/common.js

85.185.20.208

200 OK

2.1 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/common.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.1 kB (2133 bytes)
Hash
0c8a6a64f71dac92006acea3d02756c3
310e9a6c88fdc02cf9d2d0adb129c49306524aac
db52f74466841d69cd4882f89d7678a3ace3ce4daa2d896aacd227e06fa84928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/common.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2133
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/rpcCoreEx.js

85.185.20.208

200 OK

313 B

URL GET HTTP/1.1
85.185.20.208/js/rpcCoreEx.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
313 B (313 bytes)
Hash
57dff3a9eea5d203c9fc7946c443304a
07268c91b49ec6e16bb6247b0a83da5274ec70a6
b0dcc18ff2613d8800139046540a780a2a29c943d1193cda3574ed1fdbbba591

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/rpcCoreEx.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 313
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/system.js

85.185.20.208

200 OK

698 B

URL GET HTTP/1.1
85.185.20.208/js/system.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
698 B (698 bytes)
Hash
28a5c292dbeb494ae08d7647efc6d9a7
be1ff33944269b02de198e1b7320488dd211cbb3
2f2bb66197d042d326061c4db1f81e0bffc026c1ae4158933f23d79c233db67d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/system.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 698
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/loginEx.js

85.185.20.208

200 OK

2.1 kB

URL GET HTTP/1.1
85.185.20.208/js/loginEx.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.1 kB (2090 bytes)
Hash
3401877560c3d837c782232a7aaeaceb
cc1ad8f8d315128c4ba881e97cec2fe487552e4d
e8ddd3589d04b41f7f286cf85f8c1e9c425d7aba727fe1e2cb948c5789aab1d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/loginEx.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2090
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/appAbility.js

85.185.20.208

200 OK

318 B

URL GET HTTP/1.1
85.185.20.208/js/appAbility.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
318 B (318 bytes)
Hash
08faa77c049fbe05c4059f39976dc1cb
bb256347ba38e6c25fef4322ece294f60466d436
202926d2dd7a6c559259dc1e554941f1719bb5a0226f11342a2c7700a1d69bef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/appAbility.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 318
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/index.js

85.185.20.208

200 OK

6.8 kB

URL GET HTTP/1.1
85.185.20.208/js/index.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
6.8 kB (6780 bytes)
Hash
76b60a598e0c1425e31fa862dd90416e
51ac60e023ab62f84361fe99076d2167d9026048
04cd1b58f60d3ffa520a99633c1b8d73f2a5ae089427940136522340602fbe61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6780
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/qt.js

85.185.20.208

200 OK

3.2 kB

URL GET HTTP/1.1
85.185.20.208/js/qt.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
3.2 kB (3175 bytes)
Hash
63edb812051a46a5a997fee6a063f163
be66a70b3417e5a3ec78de79e71a62b6ff40e7bb
171fd7a75ddc35eb59d3ee25ad8b517709246746904c84878528a70f8a3f95ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/qt.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3175
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/eventScript.js

85.185.20.208

200 OK

1.4 kB

URL GET HTTP/1.1
85.185.20.208/js/eventScript.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
1.4 kB (1375 bytes)
Hash
fa83928974e2630ff312a6625b6be7ca
ce08a397548519937b5fcf0ae5d4991d4e69c142
f28800179ea2c00ce44748fbd3eac92617236781eda942dcdd6b0a8f2df58aad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/eventScript.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1375
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/olp.js

85.185.20.208

200 OK

812 B

URL GET HTTP/1.1
85.185.20.208/olp.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
812 B (812 bytes)
Hash
ee6170c6c8fbd2f71789f430598e8f34
6c62d478e071ea8940e266ffae078cdc01a09985
6afa6efe9c6993b8a5cea02cc412fd712a405d277eccf34c3b9ed05fa6788be6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olp.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 812
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/current_config/WebCapConfig

85.185.20.208

200 OK

83 B

URL GET HTTP/1.1
85.185.20.208/current_config/WebCapConfig
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
83 B (83 bytes)
Hash
4f6822417b3d5b89e949c3c0f5561f4f
829bc9fac2e2720fbc35695479dd55bb701332c4
2544db836da71b4f09a598f8f6642b3c97e184889eb98eefd69b1f185be79287

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/WebCapConfig HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 83
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/octet-stream

85.185.20.208/css/fn.css

85.185.20.208

200 OK

2.2 kB

URL GET HTTP/1.1
85.185.20.208/css/fn.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.2 kB (2213 bytes)
Hash
96bff59ac2e59ce0582ed11078330bd8
61fbb2873022c54ae4294a5a4160206523bb99a5
c9cb55a8ffed1dca8700e79fb579e11bea52a03ca5851ab33080301e645f2e52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fn.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2213
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/reset.css

85.185.20.208

200 OK

645 B

URL GET HTTP/1.1
85.185.20.208/css/reset.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
645 B (645 bytes)
Hash
2b8e62339a37d621cadf321a85314585
faee1fc127555b7f5dc06016762c02c4950f95ec
92555b2667dffa1141cdcfddb17d45aee317ced75647d31950b53eaacee1ecbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/reset.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 645
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/ui.css

85.185.20.208

200 OK

6.5 kB

URL GET HTTP/1.1
85.185.20.208/css/ui.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
6.5 kB (6470 bytes)
Hash
f2d02e3d654657fa33a5863166844bf8
7f2d0d74e4f8b81c25c67a7b268c266a587b52cb
d6c35666096c93fe272af58cb1a90c79a4990f9f3dabefd75a8c7ae314c30995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/ui.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6470
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/skin.css

85.185.20.208

200 OK

3.7 kB

URL GET HTTP/1.1
85.185.20.208/css/skin.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
3.7 kB (3740 bytes)
Hash
65ee71307b112eec928c58b537c51f8c
f3932edd7595ea1051d53b9b564d44ae65763f40
faf588e868618c34e2c5c40dcedc276283c0f0182d2073c90a7b717e3a9dd87f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/skin.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3740
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/index.css

85.185.20.208

200 OK

1.1 kB

URL GET HTTP/1.1
85.185.20.208/css/index.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
1.1 kB (1130 bytes)
Hash
a235053c5e06f58dc18a546f3e426108
9cf6a7ed4b11c6158d3ea067883e2b623889f710
db93afc2a67dcbfcb0e092cc43dbda0001bfb8488d124296a477a9cc135c656c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1130
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/playbackindex.css

85.185.20.208

200 OK

4.3 kB

URL GET HTTP/1.1
85.185.20.208/css/playbackindex.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
4.3 kB (4346 bytes)
Hash
5ffbf011614517b0a6cd235a4a9c70df
297860b87ef7480a8aec42a86245cc23bf01926a
a229a0e0c8b4ed02d911db2b705f38ebb084c90ab6f0dbe50591d858d621968f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/playbackindex.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 4346
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/current_config/preLanguage

85.185.20.208

200 OK

32 B

URL GET HTTP/1.1
85.185.20.208/current_config/preLanguage
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
32 B (32 bytes)
Hash
58a5e3951d3522546d9588ac46b9aee4
958abab7dcb7044cdda4fc669538539a12e54715
7306e07945e900fbd5ec1ecf7170a48c20f4d99e06b7822d70fc2b1b999fc462

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/preLanguage HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 32
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/octet-stream

85.185.20.208/custom_lang/English.txt

85.185.20.208

404 Not Found

48 B

URL GET HTTP/1.1
85.185.20.208/custom_lang/English.txt
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
HTML document, ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
de47b8952cf60220f474d5004f9f04df
d44daa88381eacd58e1186a9d7a36bdc5adae7d3
a5ab8a7699e699284cf698b35a5172defde53ab4db229b33d24307656cbed54b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /custom_lang/English.txt HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
CONNECTION: close
CONTENT-LENGTH: 48
CONTENT-TYPE: text/html

85.185.20.208/web_lang/English.txt

85.185.20.208

200 OK

57 kB

URL GET HTTP/1.1
85.185.20.208/web_lang/English.txt
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
57 kB (57099 bytes)
Hash
28e1d8150b6ab1453c51de642b88391c
6679d20214077385a2b800627e5117d7619a273a
4b7ab8f5cef79f7c04ea3442dacc93e294eb576969258e0cdf74e9dcc52b1da7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web_lang/English.txt HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 57099
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/octet-stream

85.185.20.208/html/previewindex.htm?undefined

85.185.20.208

200 OK

5.5 kB

URL GET HTTP/1.1
85.185.20.208/html/previewindex.htm?undefined
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
5.5 kB (5467 bytes)
Hash
b91f064e2ae3ab746fd3a4dfe1a3b73b
cac932e0e978db3545385dfa17606dfaf937c2eb
486390638f7ff3d0e9aab5846a7b820b8f908b7cfd6a52c929463dd365f6f054

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/previewindex.htm?undefined HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5467
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/html

85.185.20.208/image/bg.png?version=2.210

85.185.20.208

200 OK

985 B

URL GET HTTP/1.1
85.185.20.208/image/bg.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
PNG image data, 1 x 170, 8-bit colormap, non-interlaced
Size
985 B (985 bytes)
Hash
88f54be55f085162342d5bb51af52a26
b3a1734a05eb9395f83ad17adefadf6e249f75a8
632ac2a6c5d940bdb01830a0c090eba277209be1e0d16094971319cfc31bafff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/bg.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 985
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/lgbg.jpg?version=2.210

85.185.20.208

200 OK

6.3 kB

URL GET HTTP/1.1
85.185.20.208/image/lgbg.jpg?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 483x317, components 3
Size
6.3 kB (6255 bytes)
Hash
4ff53be6165e430af41d782e00207fda
a83930048e73d8e67fbfd284b1e7a9c15cef9b1d
e5cc6df02c1d12a041e4cf906f2f5465fb07c0a55d55a6e42be0a99894219e27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/lgbg.jpg?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6255
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/jpeg

85.185.20.208/image/loginlogo.jpg?version=2.210

85.185.20.208

200 OK

5.0 kB

URL GET HTTP/1.1
85.185.20.208/image/loginlogo.jpg?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 474x56, components 3
Size
5.0 kB (5021 bytes)
Hash
31f1053201e77e60aee661b0ecc791ba
7e720eddfdd7dfd37d71efdb0b81c6611b685822
7fff97e119264488f61073ab0e236a09a784bce2340b234466dda27ec241ae62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/loginlogo.jpg?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5021
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/jpeg

85.185.20.208/image/allbg.png?version=2.210

85.185.20.208

200 OK

1.9 kB

URL GET HTTP/1.1
85.185.20.208/image/allbg.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 1 x 600, 8-bit colormap, non-interlaced
Size
1.9 kB (1927 bytes)
Hash
a98e6e124a4610c0e0aa4e5ebc632ee4
d01f47191118723638fd7bbc22c1476ec3057aaa
54bb9b575dd080f3219d22984f0fe0fd45891f39f3fa57180f588344629a10a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/allbg.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1927
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/logo.jpg?version=2.210

85.185.20.208

200 OK

2.0 kB

URL GET HTTP/1.1
85.185.20.208/image/logo.jpg?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 165x55, components 3
Size
2.0 kB (2033 bytes)
Hash
922d04b3362aa37f5f650696fa612dc6
48f5269c4928ee5d3c29805d59a3c1b41303ea63
7fbc9ae240bb2577a31fbeac3677ffee4dbcc4aa2d32fce99a652458a869823c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/logo.jpg?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2033
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/jpeg

85.185.20.208/js/Calendar.js

85.185.20.208

200 OK

1.5 kB

URL GET HTTP/1.1
85.185.20.208/js/Calendar.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
1.5 kB (1490 bytes)
Hash
484bab165612866bb012aa518b369e44
349d468811f33efc0652880516913f412ba5903d
014defb84b51b0187c084668c18b3317cc03bb25e2e1694c705eac284fed1d7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/Calendar.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1490
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/PlayControl.js

85.185.20.208

200 OK

288 B

URL GET HTTP/1.1
85.185.20.208/js/PlayControl.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
288 B (288 bytes)
Hash
22e6663ff5ba43b3ba17e1878bbeb2d6
4c9894e8ce0821de66d7de4f1f5852a76e121432
53a215bd8f4309b4e339e176d7439bead61a32bb9faa70b7874e22d66639b821

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/PlayControl.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 288
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/FileList.js

85.185.20.208

200 OK

997 B

URL GET HTTP/1.1
85.185.20.208/js/FileList.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
997 B (997 bytes)
Hash
82d29eba461ab741020fb78df5b9f2d8
4e16474f391ea8eb8231c486c123070978b60273
065054e7ca56ee1bba6159ab93dc520edbe96386a9ba8aede2c18a017698e47d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/FileList.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 997
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/WindowManager.js

85.185.20.208

200 OK

409 B

URL GET HTTP/1.1
85.185.20.208/js/WindowManager.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
409 B (409 bytes)
Hash
fa2613f6863ffdf5b6efd1d34a07a1c0
d98f3e5e816f624cd4b6213c3ee750d24283c005
45d1d1f87113dcee7e6722d7280c1b970a85b4a35fd3a426cd337682ae88fcc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/WindowManager.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 409
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/Grid.js

85.185.20.208

200 OK

326 B

URL GET HTTP/1.1
85.185.20.208/js/Grid.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
326 B (326 bytes)
Hash
6df1d984bbff59edcbf41e2788f11439
924fc5532079a2e67c00d2469d5c9aca1e412932
15db7c0700a40bf6a4442ff76237c92928ef583ec375a843cd94c68ad6652160

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/Grid.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 326
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/GroupControl.js

85.185.20.208

200 OK

945 B

URL GET HTTP/1.1
85.185.20.208/js/GroupControl.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
945 B (945 bytes)
Hash
71f56e2075169b78c10ab925beb13460
47b071e90b24ee5dc3e2ec387837037157bc8f62
40358d5c8910ae7ac89949d72fcc26072b7708013a01f7779810d90e20b64e4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/GroupControl.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 945
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/publicFunc.js

85.185.20.208

200 OK

13 kB

URL GET HTTP/1.1
85.185.20.208/js/publicFunc.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/alarmindex.htm?undefined

File type
data
Size
13 kB (13321 bytes)
Hash
2c5c3019c4d067b9491cd32920f1cf40
c20da607e701581fe549434c8f8b6e39aa4cd21e
941836e7061b882a163050f5e78c4e21d91d0ab97675ad4ca2632a00f9eb4f42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/publicFunc.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 13321
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/more.js

85.185.20.208

200 OK

7.9 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/more.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
7.9 kB (7927 bytes)
Hash
ae2ac9881141942d49d8fe713be13fe3
b10e883d4809bf7effa6c86c029f750d326c3489
7de60c731fe00a344e5b54d72978748081cd2fe4c1952a517e61a18ddf882980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 7927
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/md5.js

85.185.20.208

200 OK

1.6 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/md5.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
OpenPGP Secret Key
Size
1.6 kB (1623 bytes)
Hash
ac32581aa7484ac41ffa93a9b49f3a76
e58f3f9b29e85ceb0131e7e1898e7fb312cb76fe
9ddca40481524361e3b6081ff62c0479d342f5a118bd2cec3cdddd94ef75bc91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/md5.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1623
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/base64.js

85.185.20.208

200 OK

563 B

URL GET HTTP/1.1
85.185.20.208/jsCore/base64.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
563 B (563 bytes)
Hash
8ba26ea431a06be823cd3fc0173ea7f9
927f9fa4c0afce8a886c284dbb740c05f527bfb0
ae958e77f92f2e8d6655c5f814de677c10ac3f77738087eb1ab883e2a1e0e266

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/base64.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 563
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/playbackindex.js

85.185.20.208

200 OK

21 kB

URL GET HTTP/1.1
85.185.20.208/js/playbackindex.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
21 kB (20796 bytes)
Hash
408baa003781319c3f19f17eb0be5f99
40f3209a3170e3bb3ad13c345a9de9c170257659
e89115e0bc15e0ab202e511b05977c880704a58d21a0e10037f0cec5e2ccc0c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/playbackindex.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 20796
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/rpcCore.js

85.185.20.208

200 OK

5.2 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/rpcCore.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
5.2 kB (5161 bytes)
Hash
ff0f7d3c48261d8e3d9a08337f6dcbb4
0b1a05c0cb13b06bcc9577c1b1bbfd8981745666
f9d0a54dd841eed3034a9ef6dfe03ce882d0e3aee0c927063457ccd6c63355dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5161
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/m.js

85.185.20.208

200 OK

19 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/m.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
19 kB (18807 bytes)
Hash
db39b44306166a07a87e0575853f1fbb
84f8c22038dd1a03698d8ae7c9669d6f30d3e5cc
a2629452ffff157b07f1e7c4fc4f98b5db9862e011d96cefe6e9bae8b313f713

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 18807
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/rpcLogin.js

85.185.20.208

200 OK

894 B

URL GET HTTP/1.1
85.185.20.208/jsCore/rpcLogin.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
894 B (894 bytes)
Hash
69eb1ac5bc72e100aa9386fcaa072948
b07f7601e3a004667958cb20fa38d81f622c576d
f37ee56603d63e95b33f9607f676a06f0214814d790e108bb81d5e27ab235ecd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcLogin.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 894
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/loginEx.js

85.185.20.208

200 OK

2.1 kB

URL GET HTTP/1.1
85.185.20.208/js/loginEx.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.1 kB (2090 bytes)
Hash
3401877560c3d837c782232a7aaeaceb
cc1ad8f8d315128c4ba881e97cec2fe487552e4d
e8ddd3589d04b41f7f286cf85f8c1e9c425d7aba727fe1e2cb948c5789aab1d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/loginEx.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2090
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/ptzCtrl.js

85.185.20.208

200 OK

984 B

URL GET HTTP/1.1
85.185.20.208/js/ptzCtrl.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
984 B (984 bytes)
Hash
85f0fde502f7a147078db99ed675525e
1049e120ef3894f6527ba027cc327680a984f2b9
9e3501265d7009613322586d210fa94ec11ef201875eb06eff0e617f6c37ad3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ptzCtrl.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 984
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/cap.js

85.185.20.208

200 OK

255 B

URL GET HTTP/1.1
85.185.20.208/cap.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
ASCII text
Size
255 B (255 bytes)
Hash
b0a0ae6bde77440dbbc8eadc3d737e84
ef8c5575e69bf54d1f1bcc9c3c6f548c931ee13c
4076bfa33154833847b1cb53dd28c410d33a4fbada784fa2bafe0229af5bbe8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cap.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONTENT-LENGTH: 255
CONNECTION: close
Content-type: application/x-javascript;charset=utf-8

85.185.20.208/js/previewindex.js

85.185.20.208

200 OK

13 kB

URL GET HTTP/1.1
85.185.20.208/js/previewindex.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
13 kB (13366 bytes)
Hash
31e175eb5fb9dd45a490896a91d05545
569a19ba4863ef39d35cb57082f41275b2c4978d
0360d57388385bf7a7da801484670039046f6e96db5819b380106f1e8467010e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/previewindex.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 13366
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/ft.js

85.185.20.208

200 OK

54 B

URL GET HTTP/1.1
85.185.20.208/js/ft.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
54 B (54 bytes)
Hash
d6922fec5d7e406532b8ec79d6d4bf80
df155b26f55a5a1480312c12d8013b081a2d6a91
f2946d49dd3a7fc2e133ffa08938a4ce03d11c02fac4f7106526ff22b94b2fa7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ft.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 54
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/local.png

85.185.20.208

200 OK

9.4 kB

URL GET HTTP/1.1
85.185.20.208/local.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
ISO-8859 text, with very long lines (308), with CRLF line terminators
Size
9.4 kB (9429 bytes)
Hash
0b11f67e59614b912e2ad3eb02c92c8a
580a8593334578445de9ac4e3ead0ba087a53c44
b17ae44a6dda2e42e6e8514e23db77eb81d4e914b4e6d568c4f652ee1819d162

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /local.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9429
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/html/alarmindex.htm?undefined

85.185.20.208

200 OK

1.6 kB

URL GET HTTP/1.1
85.185.20.208/html/alarmindex.htm?undefined
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
1.6 kB (1620 bytes)
Hash
3e2fa57a25b1e2d6dfad61fa0d98f0cd
d006a635883a778f54056395b334bdfa701dbb86
3e376f15f9badea5dc1aa2ea8031a97581980ee5131a2d412099e3ba7578fd82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/alarmindex.htm?undefined HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1620
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/html

85.185.20.208/image/pic.png?version=2.210

85.185.20.208

200 OK

13 kB

URL GET HTTP/1.1
85.185.20.208/image/pic.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 454 x 250, 8-bit/color RGBA, non-interlaced
Size
13 kB (13139 bytes)
Hash
708884eb71bf71058c5971fff6f21467
15d0816dc0766b09970dbdb70f12300e1e97d543
d3fae0c355a6021578e9396b21aa60d24289668bc96222cfd6ef33fae78944c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/pic.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 13139
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/current_config/WebCapConfig

85.185.20.208

200 OK

83 B

URL GET HTTP/1.1
85.185.20.208/current_config/WebCapConfig
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
83 B (83 bytes)
Hash
4f6822417b3d5b89e949c3c0f5561f4f
829bc9fac2e2720fbc35695479dd55bb701332c4
2544db836da71b4f09a598f8f6642b3c97e184889eb98eefd69b1f185be79287

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /current_config/WebCapConfig HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Request: JSON
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 83
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/octet-stream

85.185.20.208/favicon.ico

85.185.20.208

200 OK

1.2 kB

URL GET HTTP/1.1
85.185.20.208/favicon.ico
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
bd9e17c46bbbc18af2a2bd718dddad0e
f8548e9f44dd45eefadd22bf0c758cb2d04912d7
95720d030ba3db423c71eef7c6d919151b2e868b9331506577bcf1050f846f98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1150
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/x-icon

85.185.20.208/jsCore/more.js

85.185.20.208

200 OK

7.9 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/more.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
7.9 kB (7927 bytes)
Hash
ae2ac9881141942d49d8fe713be13fe3
b10e883d4809bf7effa6c86c029f750d326c3489
7de60c731fe00a344e5b54d72978748081cd2fe4c1952a517e61a18ddf882980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/more.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 7927
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/rpcCore.js

85.185.20.208

200 OK

5.2 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/rpcCore.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
5.2 kB (5161 bytes)
Hash
ff0f7d3c48261d8e3d9a08337f6dcbb4
0b1a05c0cb13b06bcc9577c1b1bbfd8981745666
f9d0a54dd841eed3034a9ef6dfe03ce882d0e3aee0c927063457ccd6c63355dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/rpcCore.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 5161
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/js/publicFunc.js

85.185.20.208

200 OK

13 kB

URL GET HTTP/1.1
85.185.20.208/js/publicFunc.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/alarmindex.htm?undefined

File type
data
Size
13 kB (13321 bytes)
Hash
2c5c3019c4d067b9491cd32920f1cf40
c20da607e701581fe549434c8f8b6e39aa4cd21e
941836e7061b882a163050f5e78c4e21d91d0ab97675ad4ca2632a00f9eb4f42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/publicFunc.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 13321
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/jsCore/m.js

85.185.20.208

200 OK

19 kB

URL GET HTTP/1.1
85.185.20.208/jsCore/m.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
19 kB (18807 bytes)
Hash
db39b44306166a07a87e0575853f1fbb
84f8c22038dd1a03698d8ae7c9669d6f30d3e5cc
a2629452ffff157b07f1e7c4fc4f98b5db9862e011d96cefe6e9bae8b313f713

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jsCore/m.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 18807
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/css/reset.css

85.185.20.208

200 OK

645 B

URL GET HTTP/1.1
85.185.20.208/css/reset.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
645 B (645 bytes)
Hash
2b8e62339a37d621cadf321a85314585
faee1fc127555b7f5dc06016762c02c4950f95ec
92555b2667dffa1141cdcfddb17d45aee317ced75647d31950b53eaacee1ecbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/reset.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 645
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/js/alarmindex.js

85.185.20.208

200 OK

1.6 kB

URL GET HTTP/1.1
85.185.20.208/js/alarmindex.js
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/alarmindex.htm?undefined

File type
data
Size
1.6 kB (1584 bytes)
Hash
26a3f2f2352168b2bbcab2e3260844b1
66d60a1eec1481a2fde2298ad4b6d2af943ae73c
cbe6cbca6956943d0ba0427f403277f3ba2a5f9a32f66db6533b5dea8017d285

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/alarmindex.js HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1584
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: application/x-javascript

85.185.20.208/css/fn.css

85.185.20.208

200 OK

2.2 kB

URL GET HTTP/1.1
85.185.20.208/css/fn.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.2 kB (2213 bytes)
Hash
96bff59ac2e59ce0582ed11078330bd8
61fbb2873022c54ae4294a5a4160206523bb99a5
c9cb55a8ffed1dca8700e79fb579e11bea52a03ca5851ab33080301e645f2e52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fn.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2213
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/skin.css

85.185.20.208

200 OK

3.7 kB

URL GET HTTP/1.1
85.185.20.208/css/skin.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
3.7 kB (3740 bytes)
Hash
65ee71307b112eec928c58b537c51f8c
f3932edd7595ea1051d53b9b564d44ae65763f40
faf588e868618c34e2c5c40dcedc276283c0f0182d2073c90a7b717e3a9dd87f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/skin.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3740
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/local.png

85.185.20.208

200 OK

9.4 kB

URL GET HTTP/1.1
85.185.20.208/local.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
ISO-8859 text, with very long lines (308), with CRLF line terminators
Size
9.4 kB (9429 bytes)
Hash
0b11f67e59614b912e2ad3eb02c92c8a
580a8593334578445de9ac4e3ead0ba087a53c44
b17ae44a6dda2e42e6e8514e23db77eb81d4e914b4e6d568c4f652ee1819d162

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /local.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9429
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/css/previewindex.css

85.185.20.208

200 OK

2.1 kB

URL GET HTTP/1.1
85.185.20.208/css/previewindex.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
2.1 kB (2056 bytes)
Hash
def833ca870405099dee0cc9f7bdca07
19bd2e81d4fab5f765e8dc2d418c32e82f6025a1
8db0d2bf8d2252ab6e7338524247ec3bfb8e858e6065355e30a968f043c16ae7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/previewindex.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2056
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/ui.css

85.185.20.208

200 OK

6.5 kB

URL GET HTTP/1.1
85.185.20.208/css/ui.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
6.5 kB (6470 bytes)
Hash
f2d02e3d654657fa33a5863166844bf8
7f2d0d74e4f8b81c25c67a7b268c266a587b52cb
d6c35666096c93fe272af58cb1a90c79a4990f9f3dabefd75a8c7ae314c30995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/ui.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/previewindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6470
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/fn.css

85.185.20.208

200 OK

2.2 kB

URL GET HTTP/1.1
85.185.20.208/css/fn.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
2.2 kB (2213 bytes)
Hash
96bff59ac2e59ce0582ed11078330bd8
61fbb2873022c54ae4294a5a4160206523bb99a5
c9cb55a8ffed1dca8700e79fb579e11bea52a03ca5851ab33080301e645f2e52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fn.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2213
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/skin.css

85.185.20.208

200 OK

3.7 kB

URL GET HTTP/1.1
85.185.20.208/css/skin.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
3.7 kB (3740 bytes)
Hash
65ee71307b112eec928c58b537c51f8c
f3932edd7595ea1051d53b9b564d44ae65763f40
faf588e868618c34e2c5c40dcedc276283c0f0182d2073c90a7b717e3a9dd87f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/skin.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 3740
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/alarmindex.css

85.185.20.208

200 OK

335 B

URL GET HTTP/1.1
85.185.20.208/css/alarmindex.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/alarmindex.htm?undefined

File type
data
Size
335 B (335 bytes)
Hash
55cccaaccb23e19150b5a3bea2e7f2b1
7dc9b93c7c984c466f549ccdcbb06a819a14bdcc
37a09f8be091f5be75b7f20c20ad309d2ff3ac380806a58baf28435603aa906a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/alarmindex.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 335
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/local.png

85.185.20.208

200 OK

9.4 kB

URL GET HTTP/1.1
85.185.20.208/local.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
ISO-8859 text, with very long lines (308), with CRLF line terminators
Size
9.4 kB (9429 bytes)
Hash
0b11f67e59614b912e2ad3eb02c92c8a
580a8593334578445de9ac4e3ead0ba087a53c44
b17ae44a6dda2e42e6e8514e23db77eb81d4e914b4e6d568c4f652ee1819d162

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /local.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 9429
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/css/reset.css

85.185.20.208

200 OK

645 B

URL GET HTTP/1.1
85.185.20.208/css/reset.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
data
Size
645 B (645 bytes)
Hash
2b8e62339a37d621cadf321a85314585
faee1fc127555b7f5dc06016762c02c4950f95ec
92555b2667dffa1141cdcfddb17d45aee317ced75647d31950b53eaacee1ecbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/reset.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 645
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/css/ui.css

85.185.20.208

200 OK

6.5 kB

URL GET HTTP/1.1
85.185.20.208/css/ui.css
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
6.5 kB (6470 bytes)
Hash
f2d02e3d654657fa33a5863166844bf8
7f2d0d74e4f8b81c25c67a7b268c266a587b52cb
d6c35666096c93fe272af58cb1a90c79a4990f9f3dabefd75a8c7ae314c30995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/ui.css HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/html/alarmindex.htm?undefined
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 6470
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/css

85.185.20.208/image/allbg.png?version=2.210

85.185.20.208

200 OK

1.9 kB

URL GET HTTP/1.1
85.185.20.208/image/allbg.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 1 x 600, 8-bit colormap, non-interlaced
Size
1.9 kB (1927 bytes)
Hash
a98e6e124a4610c0e0aa4e5ebc632ee4
d01f47191118723638fd7bbc22c1476ec3057aaa
54bb9b575dd080f3219d22984f0fe0fd45891f39f3fa57180f588344629a10a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/allbg.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1927
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/pic.png?version=2.210

85.185.20.208

200 OK

13 kB

URL GET HTTP/1.1
85.185.20.208/image/pic.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 454 x 250, 8-bit/color RGBA, non-interlaced
Size
13 kB (13139 bytes)
Hash
708884eb71bf71058c5971fff6f21467
15d0816dc0766b09970dbdb70f12300e1e97d543
d3fae0c355a6021578e9396b21aa60d24289668bc96222cfd6ef33fae78944c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/pic.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 13139
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/allbg.png?version=2.210

85.185.20.208

200 OK

1.9 kB

URL GET HTTP/1.1
85.185.20.208/image/allbg.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 1 x 600, 8-bit colormap, non-interlaced
Size
1.9 kB (1927 bytes)
Hash
a98e6e124a4610c0e0aa4e5ebc632ee4
d01f47191118723638fd7bbc22c1476ec3057aaa
54bb9b575dd080f3219d22984f0fe0fd45891f39f3fa57180f588344629a10a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/allbg.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1927
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/html/playbackindex.htm?undefined

85.185.20.208

200 OK

8.0 kB

URL GET HTTP/1.1
85.185.20.208/html/playbackindex.htm?undefined
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
data
Size
8.0 kB (8009 bytes)
Hash
3ae707ce006cda8176f9636575601fc4
4158d92fd0a9e794fe00208b30f0e5e4be7c8082
11095e48e6ad11ee8d296c4c318ea1c6385fd08ef6e73da254c98ca92c25c3a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/playbackindex.htm?undefined HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 8009
P3P: CP=CAO PSA OUR
CONTENT-ENCODING: deflate
CONTENT-TYPE: text/html

85.185.20.208/image/icons.png?version=2.210

85.185.20.208

200 OK

41 kB

URL GET HTTP/1.1
85.185.20.208/image/icons.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 540 x 700, 8-bit/color RGBA, non-interlaced
Size
41 kB (41090 bytes)
Hash
103a1a53ac0ed8833a3f72bed33cfb3e
4a20949ded4e9fd72ed19f3e6b0beec5e0b325ca
6f2d0a745939fcbb19fae51b1dd93c96e4a67e1f1b4f52c12edecf350ba837dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/icons.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 41090
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/pause.png

85.185.20.208

200 OK

1.8 kB

URL GET HTTP/1.1
85.185.20.208/image/pause.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
PNG image data, 33 x 67, 8-bit colormap, non-interlaced
Size
1.8 kB (1794 bytes)
Hash
4fbc328bdf9887ec0d5239b7aebf293b
bcb44734b4d92fee5ba3e9960775f1d10e13376b
27bdab92685140f162edbbc61c8aa63bf5aac8149d43638b10c57ce89dc1897d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/pause.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/playbackindex.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 1794
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/playbackline.png

85.185.20.208

200 OK

2.1 kB

URL GET HTTP/1.1
85.185.20.208/image/playbackline.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
PNG image data, 1 x 400, 8-bit colormap, non-interlaced
Size
2.1 kB (2074 bytes)
Hash
ccd87df08164a507bf1181094c261f16
1d541300f7138b8c4198ba3b8b0abe18e8189020
c98d1d7ba912f1cf8686acbaa12c1ffb20a8d8f2f2fd067c30372f58ed21fb83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/playbackline.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/playbackindex.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 2074
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/playback.png

85.185.20.208

200 OK

19 kB

URL GET HTTP/1.1
85.185.20.208/image/playback.png
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/

File type
PNG image data, 486 x 400, 8-bit colormap, non-interlaced
Size
19 kB (18716 bytes)
Hash
65e99e3b8439a699aad73ae2d819455d
6c17da20a79d38206087cfd6c9aa5863203e7731
bf6fc0bfc643418918ae75b2a068d56ec84bc769b44f11cce408699d9c81771f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/playback.png HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/playbackindex.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 18716
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

85.185.20.208/image/icons.png?version=2.210

85.185.20.208

200 OK

41 kB

URL GET HTTP/1.1
85.185.20.208/image/icons.png?version=2.210
IP
85.185.20.208:80
ASN
#58224 Iran Telecommunication Company PJS

Requested by
http://85.185.20.208/html/previewindex.htm?undefined

File type
PNG image data, 540 x 700, 8-bit/color RGBA, non-interlaced
Size
41 kB (41090 bytes)
Hash
103a1a53ac0ed8833a3f72bed33cfb3e
4a20949ded4e9fd72ed19f3e6b0beec5e0b325ca
6f2d0a745939fcbb19fae51b1dd93c96e4a67e1f1b4f52c12edecf350ba837dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /image/icons.png?version=2.210 HTTP/1.1
Host: 85.185.20.208
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://85.185.20.208/css/skin.css
Cookie: DHLangCookie30=%2Fweb_lang%2FEnglish.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
CONNECTION: close
CONTENT-LENGTH: 41090
P3P: CP=CAO PSA OUR
CONTENT-TYPE: image/png

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML