{"report_id":"656280a6-045f-4b55-9de8-f44bdcb188b2","version":6,"status":"done","tags":["botpanel","malware"],"date":"2026-03-07T13:48:15Z","url":{"schema":"http","addr":"ddww989.win/","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":0,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ddww989.win/pages/login.php","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"title":"Unam Web Panel — Login","dom":{"size":4127,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (983)","md5":"a7663b8517c68bc714a7dfdc79f73a14","sha1":"13a7df1e42fc6d219b5f1f6dd15fa37c1ab64d3b","sha256":"88bca2602c821630dc318e44488cb9a204c1236f80265ef04852a441d8766f69","sha512":"0f7d608d7abafb1211326f26c2103005d583195c149693c125a750c0004dd21554e3e998dfdc6d168e156691030e46060f343f20b08f6360c25b8ddd88ed9f49","ssdeep":"48:n2oSIShVY6se9PqQkSB4FlXPyMntmFpr8hSTSRS4ImGswot3JX95lZcZ0j:n2VM6se9i7SU/dZSTSRS4ImGswGJbjVj","tlshash":"d181300118f0487610af29cb6cf7a5282cb5820bd5095a14b2bc43e85fb6d4eaa27d1e","dom_hash":"domhash2e1f3dbeea8c4426889ead4fd8f030c4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ddww989.win/","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":0,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T13:48:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"summary":[{"fqdn":"ddww989.win","ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"domain_registered":"2025-02-20","domain_rank":0,"first_seen":"2026-03-07T13:48:16.152582Z","last_seen":"2026-03-07T13:48:16.152582Z","alert_count":34,"request_count":17,"received_data":1791319,"sent_data":7020,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Select2","description":"Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.","website":"https://select2.org/","common_platform_enumeration":"","icon":"Select2.png","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"ddww989.win/pages/login.php","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d430c6f87e2da0f07ab7a58bc82b674e","sha1":"4a7eaf40707470b4efd1878393f3ea5356bffdce","sha256":"b55dc009bd973d6a6d373b4b0e5400dd71a82f8d62e37f8e920b7bac867d473a","sha512":"e5f6a2cb6be24ed9fe1268110dc87bfcafa9c08428788c2b17dd2d30e6e42d4f14e0ad6090205a64ce550a188cd19377aa6829968e3802ea7e8fa013a4b5c005","ssdeep":"","tlshash":"1cf0464e7471196b52f7b59b9fbf9404113b008ba409ae127a9c29917f2214cbf23d09","size":601,"data":"","first_seen":"2024-07-07T14:40:58Z","last_seen":"2026-05-23T23:29:30.023301Z","times_seen":248,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ddww989.win/__UNAM_LIB/unam_lib.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c7fb12cb6f7e2df13448f35fcc57fb4","sha1":"d21730a298168b00466ccf8d73232794c789bc23","sha256":"203a6503c36c58ca3a61da4107de3834e15419b1f5540b98e7ff2c503b01e2ee","sha512":"671f8e9854d2b8ce21b4980f07f7dbf15dcad4e4f777375556d1b439a8693add58e4957486e3d527e1e7e054ecf85c3e2ea61a8ce4cf3c9948f2447f37b2eb90","ssdeep":"","tlshash":"da11484e3f0021ce0bbaa1d4d81e4d08f412e657a792ee96742c70982fb527daa01fd6","size":952,"data":"","first_seen":"2023-03-08T15:22:52Z","last_seen":"2026-05-23T23:29:30.002355Z","times_seen":585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/jquery/jquery-3.7.1.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-05-27T15:17:52.723653Z","times_seen":161725,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/izitoast/iziToast.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"df383d4feeb05ea8bfe86a0569ef0524","sha1":"c6fd53b0a4abc2b73f55025ecb28d2eb65db93d4","sha256":"df6d4fc52f8f3af6ef59c215a1165e4667f7daaedf4c5409db56d7c133564446","sha512":"66af68f84d34c61851ffbbc9e3d9b114d274290c351354cc5a43d3c6b59c9e97c41431178148b024720a8adf77116fd7c44df51d2239184396d3a1ba045d40b4","ssdeep":"384:9hKmhCPzlc5gVCPBpcG/0CEvXArKKpQi8VREgO3MrnHzxJBkHI4505P:3K5PzlcN8DXArhpQzRHO3M7TxfGIYUP","tlshash":"2582c894722032374aa329a960ff534a3772156ca9c641a4243fcdad5b34f8939f77f8","size":18486,"data":"","first_seen":"2023-03-07T12:01:52Z","last_seen":"2026-05-27T10:58:55.060104Z","times_seen":1636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/select2/select2.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"37dd3c4be796c3e4d2914e336fc84624","sha1":"efd00b3c59b9093335cfcc043fa0576587676636","sha256":"d7a7379926f63b11f218a615443f004d03fc499bc1baf50d4142b1b2a76c3772","sha512":"ee3039e0b935cd2756616e37bcb7416aeb4ae25d1b148871fc6bd6ef41738ce6e4bce089503b9865f35033cb778780b38f04a9a41be7a04e067000547cb9a1bf","ssdeep":"768:SopHucrre3DeGGG8MinEAs3j0TGE8jGookOlxNV7TWlOvBuZRgydn/RcSf2bK/Jw:m8hC3jIG+kOvVbyJJ1CD","tlshash":"2663c64c7a537234026f20e7256b140d22366b3e600b96a8b428cded6dbed15735bf3e","size":70852,"data":"","first_seen":"2023-03-08T15:22:52Z","last_seen":"2026-05-23T23:29:29.999833Z","times_seen":656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"ddww989.win/pages/login.php","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T13:47:53.503Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pages/login.php HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/8.0.30\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'nonce-AcczcsI3eLiGNnH8ATHc7Q=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none';\r\nFeature-Policy: geolocation 'none'; microphone 'none'; camera 'none'\r\nPermissions-Policy: geolocation=(), microphone=(), camera=()\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nX-Robots-Tag: noindex, nofollow\r\nCross-Origin-Resource-Policy: same-origin\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Select2","description":"Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.","website":"https://select2.org/","common_platform_enumeration":"","icon":"Select2.png","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3502,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (324), with CRLF line terminators","md5":"d14a0809616c72ebf0981fa788dd5f52","sha1":"eb0ae41df958edd7cabd7f8398f023e9a1140257","sha256":"63512df701b96a0b1347638d84fda590d3e2da507bd14911cd63d6d9b91e1ce6","sha512":"4aa40ebaae782405b5098234b45a639a3b1b6a53c4ddb264101956f6739f0d5698a0f9521feb37d052f01c525754a68da869b0c7d72a344d539c5c50f23e281a","ssdeep":"","tlshash":"8771630428d04c7611b779d2ad76e1a4fc71420796056914b1fe17e75f76e4cca23e15","first_seen":"2026-03-07T13:48:19.526931Z","last_seen":"2026-03-07T13:48:19.526931Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/css/adminlte.min.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.719Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/css/adminlte.min.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 21 Dec 2022 00:52:50 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a258e2-151a4a\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1382986,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65148), with CRLF line terminators","md5":"1f607cd21b69517f0e571761f1e6223a","sha1":"52330d894b72cf58ba3895122774972706b30a54","sha256":"a233b4121c506a32dc3fdfd447be80e7b369e9cbce5ee8ee7c8cc95d38c7b572","sha512":"dd4c9e9765b9dbafc469bfaf69980902ddc4065f88d96e4121f8dd374a255038c99acc2e7d7d3f4164e2723d0c466cb702a29c86ef5a3fd9979c347d98e0a8c0","ssdeep":"12288:JA6LNkwxKgkfBW6xBu0qLOLvyjC64IhkI:uwxKgkfBW6xBu0qLOLvyjC64IhkI","tlshash":"e225750960f13579b0ab4e1e6dfcf9600a1f94e9c4681fbfb57b37848b8458b6163e06","first_seen":"2025-08-06T17:01:45.869473Z","last_seen":"2026-05-23T23:29:29.994895Z","times_seen":166,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":78,"dns":1,"connect":90,"send":0,"wait":93,"receive":278,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:54.385Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ddww989.win/assets/modules/fontawesome-free/css/solid.min.css\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:54 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 78196\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nConnection: keep-alive\r\nETag: \"626e0dc0-13174\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78196,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261","md5":"e8a427e15cc502bef99cfd722b37ea98","sha1":"a9922842a120a7f1eaced667480c5e185a106d69","sha256":"d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef","sha512":"113775748a4166c07e58c26cf6db7fed473732dc6124b8ee0f0dcc0d6439eb2ab2c5d9e01c67324fdf9de4105349cf30cc5796a0b0e0ce9a08f337b9d4e10b7b","ssdeep":"1536:1iGQV8Q8UOUMUd5UY3qyCkHQCCz2LL1F+u3MHLGxe3U:QVWuF33qy7HQchFz8HnU","tlshash":"3273121cf567643ef6a8e05f3c38256d4fd5c724e2e68a06748db808c4ce71d90879b6","first_seen":"2023-04-05T08:37:56Z","last_seen":"2026-05-27T15:12:08.416762Z","times_seen":147343,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":88,"receive":179,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/img/favicon.png","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:54.583Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/img/favicon.png HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:54 GMT\r\nContent-Type: image/png\r\nContent-Length: 1846\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nConnection: keep-alive\r\nETag: \"626e0dc0-736\"\r\nExpires: Mon, 06 Apr 2026 13:47:54 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1846,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit colormap, non-interlaced","md5":"596af1ae4b10854e334121133691325b","sha1":"ccbaa5ee0def372ae2d791e7c0666e5777c75198","sha256":"576d5210ef7bd676fff12be80fd61b793c5acdc618b4734f2da4cd638966e496","sha512":"5a78081268e58b9e96feaf21aad8e5f34222e72503ab08f49598f9cadfd53fcff922bbd428e3b18ff1743d9edb8a54a4c258884c29619c1436dee22e207fe5ce","ssdeep":"","tlshash":"ab3108b7810a91fdcae2d2334003682be8bd6971c72d49a0f5ee43f3445ac80e214ba0","first_seen":"2024-02-09T20:55:52Z","last_seen":"2026-05-23T23:29:30.006866Z","times_seen":694,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"https","addr":"ddww989.win/pages/login.php","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T13:47:53.307Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pages/login.php HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T15:18:44.132025Z","times_seen":15780029,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":89,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/fontawesome-free/css/solid.min.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.715Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/fontawesome-free/css/solid.min.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nContent-Length: 673\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nConnection: keep-alive\r\nETag: \"626e0dc0-2a1\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":673,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (483), with CRLF line terminators","md5":"3b659e3d10259f2c31001fee050aeb63","sha1":"b4be4363d60981bd76c578190333414f0b91407c","sha256":"7854d8e44687343f7178f324562de684a174684f0e92c66ce00d4c4bf1795fc1","sha512":"9df2a3d2a653ab9bf84b31b005de7403b132b0510cd042cca864cd337d08d847b09aeb705551868f6972122ecad701e8c81be484d33b893a1d2ba7c8ac740b09","ssdeep":"","tlshash":"3301d66d0646295141c10e0138d9ba59ed56f0b97c582f73b22adc298cfae5f21b9f09","first_seen":"2023-10-18T07:49:24Z","last_seen":"2026-05-25T14:33:41.006941Z","times_seen":454,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":80,"dns":1,"connect":88,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/izitoast/iziToast.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.724Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/izitoast/iziToast.min.js HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626e0dc0-4836\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18486,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (18398), with CRLF line terminators","md5":"df383d4feeb05ea8bfe86a0569ef0524","sha1":"c6fd53b0a4abc2b73f55025ecb28d2eb65db93d4","sha256":"df6d4fc52f8f3af6ef59c215a1165e4667f7daaedf4c5409db56d7c133564446","sha512":"66af68f84d34c61851ffbbc9e3d9b114d274290c351354cc5a43d3c6b59c9e97c41431178148b024720a8adf77116fd7c44df51d2239184396d3a1ba045d40b4","ssdeep":"384:9hKmhCPzlc5gVCPBpcG/0CEvXArKKpQi8VREgO3MrnHzxJBkHI4505P:3K5PzlcN8DXArhpQzRHO3M7TxfGIYUP","tlshash":"2582c894722032374aa329a960ff534a3772156ca9c641a4243fcdad5b34f8939f77f8","first_seen":"2023-03-07T12:01:52Z","last_seen":"2026-05-27T10:58:55.060104Z","times_seen":1636,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/__UNAM_LIB/unam_lib.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.727Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__UNAM_LIB/unam_lib.js HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 952\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nConnection: keep-alive\r\nETag: \"626e0dc0-3b8\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":952,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"8c7fb12cb6f7e2df13448f35fcc57fb4","sha1":"d21730a298168b00466ccf8d73232794c789bc23","sha256":"203a6503c36c58ca3a61da4107de3834e15419b1f5540b98e7ff2c503b01e2ee","sha512":"671f8e9854d2b8ce21b4980f07f7dbf15dcad4e4f777375556d1b439a8693add58e4957486e3d527e1e7e054ecf85c3e2ea61a8ce4cf3c9948f2447f37b2eb90","ssdeep":"","tlshash":"da11484e3f0021ce0bbaa1d4d81e4d08f412e657a792ee96742c70982fb527daa01fd6","first_seen":"2023-03-08T15:22:52Z","last_seen":"2026-05-23T23:29:30.002355Z","times_seen":585,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":158,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"https","addr":"ddww989.win/","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T13:47:52.852Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T15:18:44.132025Z","times_seen":15780029,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":163,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T13:47:53.119Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/8.0.30\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'nonce-sBq1ACHu+cVDACcT5UWNtw=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none';\r\nFeature-Policy: geolocation 'none'; microphone 'none'; camera 'none'\r\nPermissions-Policy: geolocation=(), microphone=(), camera=()\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nX-Robots-Tag: noindex, nofollow\r\nCross-Origin-Resource-Policy: same-origin\r\nSet-Cookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0; path=/; HttpOnly; SameSite=Strict\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nLocation: pages/login.php\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T15:18:44.132025Z","times_seen":15780029,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":85,"dns":1,"connect":88,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/fontawesome-free/css/fontawesome.min.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.713Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/fontawesome-free/css/fontawesome.min.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626e0dc0-e23c\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57916,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (57726), with CRLF line terminators","md5":"bb747d04bc4c8aa452bb9bd91ae47935","sha1":"9039d9584b2e8f55f9da771dcf1b4854b6633e14","sha256":"e0351876703417eb2a9985cb15ecf9910966d2941e7c61c8f3907a2834c38383","sha512":"183bb769f52845161f8f209d3a443b13da8597ff3493d0e72ee6568e81e59f7d3818f52deaf354c3cb40e7aeae11806fa3bbefc2b9cb6f25c026f59a9a27b224","ssdeep":"768:GYh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSzO:GY0PxXE4YXJgndFTfy9lt5C","tlshash":"2f43f9b8e54c01cab731c44bef42b2bc61b6f73de5914d95f00e691c2ad26a811c5fba","first_seen":"2023-05-09T19:26:26Z","last_seen":"2026-05-24T02:28:57.045103Z","times_seen":482,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/izitoast/iziToast.min.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.716Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/izitoast/iziToast.min.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626e0dc0-a221\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41505,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41419), with CRLF line terminators","md5":"b2f7bdc3ed47f5956551ce0333925792","sha1":"d2c6cd54cf8a6c040c28844b306543b76eeab8b8","sha256":"7fa7d6e3b4039b59b4d4721ea7e523a42a4dc0b56405829df9f8696f8550fa01","sha512":"3b4de7b57a15a9a1944c07809af436612ce40af72564470f42ed5eaa5a0f6877c9e51b8d1a24b897edddb9a89d0fcd353f9d09dbc107ca89c2574e825254d26a","ssdeep":"384:wV5zpPVWahj8Ik/4kYip7pHRiJhkgL6LlG1oLzlRCPoA50UhLoMPFPsR4lweGbzi:MPVNhlHgppGf1oWQA1","tlshash":"b21345fd15f0124454c6ab4296da6a980e3fcd9770ea1cef32cd344b8b46b9e136532b","first_seen":"2023-04-10T01:55:59Z","last_seen":"2026-05-27T10:58:55.084245Z","times_seen":1362,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":79,"dns":0,"connect":88,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/css/custom.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.720Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/css/custom.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 05 Feb 2024 12:50:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"65c0d98e-14ce\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5326,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with CRLF line terminators","md5":"1123383213092643b28c31c521a184ef","sha1":"5a584dd8aa499f0f0d97734b5f1c6a20444d77a4","sha256":"19567504a2faa9db6515f2323aeb58f0892db85b0fca2a3cb7ffea243369d43f","sha512":"18142c7ba5aad4a39538c863813b05fc38534f62c5c9182e591540650774e7755780e00de72fd43c55dabbf8ade06f2d2c1c0abc4caf23509b134c685d801414","ssdeep":"96:3I5or2lczkeSZohW07X8rDdau7iiN0IXlTFLRSL6C:Y5or2lcoeSZohVXudaIHNXlT6","tlshash":"e2b123b9c612261375779fe827d59001ef286063cd471bbcbac962048ff5494ab72ecd","first_seen":"2024-02-12T07:25:07Z","last_seen":"2026-05-23T23:29:29.997422Z","times_seen":257,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":79,"dns":0,"connect":90,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/jquery/jquery-3.7.1.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.721Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/jquery/jquery-3.7.1.min.js HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Mon, 15 Jan 2024 07:26:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"65a4de26-155ed\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87533,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-05-27T15:17:52.723653Z","times_seen":161725,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":161,"dns":0,"connect":0,"send":0,"wait":90,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/select2/select2.min.js","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.725Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/select2/select2.min.js HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626e0dc0-114c4\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70852,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64130), with CRLF line terminators","md5":"37dd3c4be796c3e4d2914e336fc84624","sha1":"efd00b3c59b9093335cfcc043fa0576587676636","sha256":"d7a7379926f63b11f218a615443f004d03fc499bc1baf50d4142b1b2a76c3772","sha512":"ee3039e0b935cd2756616e37bcb7416aeb4ae25d1b148871fc6bd6ef41738ce6e4bce089503b9865f35033cb778780b38f04a9a41be7a04e067000547cb9a1bf","ssdeep":"768:SopHucrre3DeGGG8MinEAs3j0TGE8jGookOlxNV7TWlOvBuZRgydn/RcSf2bK/Jw:m8hC3jIG+kOvVbyJJ1CD","tlshash":"2663c64c7a537234026f20e7256b140d22366b3e600b96a8b428cded6dbed15735bf3e","first_seen":"2023-03-08T15:22:52Z","last_seen":"2026-05-23T23:29:29.999833Z","times_seen":656,"resource_available":true,"data":null}},"time_used":338,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":90,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/modules/select2/select2.min.css","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:53.718Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/modules/select2/select2.min.css HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:53 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sun, 01 May 2022 04:34:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626e0dc0-3a77\"\r\nExpires: Sun, 08 Mar 2026 01:47:53 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14967,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14965), with CRLF line terminators","md5":"ba5948c0bda0f5f26bd3068ce565deaa","sha1":"6d28595693ce13f1a79db7d5c73bd82b13cf63b5","sha256":"c2a282dd6dac10a3fbf469b4e67f489608777854e6d157bf11233dfbaa16851e","sha512":"b697887282e03a0838bc8fba10b5f85144dcf14727a01703ea6bbf047b30860c58aef75bcfc9fe76ae5f291be60369ad22cf39c98d7a1d8ac90b4ca68b2776a6","ssdeep":"192:pL5u/nTfc3aqPJRQ9CPjOtWlUJKLPcH9tPOs:3u/TfXARQ9htWGSPcdws","tlshash":"c162b935bacc2235b0bf8e7f6cf274946729dd5fc4111b9ab8e9e594c8e04540a8b60f","first_seen":"2023-04-05T16:05:37Z","last_seen":"2026-05-27T03:55:25.798625Z","times_seen":3219,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":79,"dns":1,"connect":88,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"ddww989.win/assets/fonts/sourcesanspro-regular-webfont.woff2","fqdn":"ddww989.win","domain":"ddww989.win","tld":"win"},"ip":{"addr":"45.88.91.156","port":80,"asn":399486,"as":"VIRTUO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://ddww989.win/pages/login.php","date":"2026-03-07T13:47:54.378Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/sourcesanspro-regular-webfont.woff2 HTTP/1.1\r\nHost: ddww989.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ddww989.win/assets/css/custom.css\r\nCookie: PHPSESSID=4njr7ne2s2mp3m30831jk080f0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 13:47:54 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 20540\r\nLast-Modified: Sat, 03 Feb 2024 11:44:44 GMT\r\nConnection: keep-alive\r\nETag: \"65be272c-503c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20540,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20540, version 2.2949","md5":"d67b548b833d70dda3779916f5415e7e","sha1":"f1d3b0c478384a35f0766d9d1839aea81a164b3f","sha256":"8792619becd8b285e78f14bfcf1ad66e2adbae0f5ec8ad131246621f806ac535","sha512":"32ce084765a96ac31266b085ec6f16784b8c13eaaea28dc532304e203434f088e315e31dabc59f6fa8a42f447adafe8682b34c3f33adc695d140657302fa2950","ssdeep":"384:1RCN0g12CVceFNHIfF/WeFdM801OnXSvZHLfqaCBDTOxCd7KWn2lnepPKbkH1jV:GWg1jOfFw80MnXSvBfp4uMYZSPK4H1jV","tlshash":"4592e12851f8bfc1df2ea9753ef0c95cc6ad25503421f32552601b763f326a3745b286","first_seen":"2023-05-04T15:22:18Z","last_seen":"2026-05-26T20:47:05.141566Z","times_seen":1494,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ddww989.win","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}}]}