{"report_id":"6ef254fa-7f3f-4ada-bd3a-329bd83de3f4","version":6,"status":"done","tags":["botpanel","malware","hook"],"date":"2026-01-03T07:48:47Z","url":{"schema":"http","addr":"154.201.84.243:8080/","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":0,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"154.201.84.243:8080/?token=\u0026password=","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"title":"HOOKBOT PANEL","dom":{"size":7996,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7996), with no line terminators","md5":"84f5d2bca7b1ad05d2527f7708053b60","sha1":"b7c22e25b4a0e500b5543b4a56214b7f9ff1970a","sha256":"aa7a2965c76dfbccd4206ae2168af5e94ac307dfbcbea1aebbea2114ef563d22","sha512":"ac54d06428288ff93c6fd32be550206639b6a19ebb210d58924229745c540962b28ce6c3cc17185a29b6c4ade22292f395a43e7adf4e71066cd85ee758fcf6ba","ssdeep":"192:GRUvA0g7gpDFZZdCpkM5RbkgPTSPCk4syvOhDT7iYvVLn/DRYp:9PDD7CC4bDT1sDT7iYvVL/Gp","tlshash":"d5f1b758b582b0345263b1b6603fa00ee2767006959b9820e037d4e5eeb4e8d5573f7d","dom_hash":"domhash321b01b1694deda0cabd4fca29682175","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"154.201.84.243:8080/","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":0,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T07:48:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]},"summary":[{"fqdn":"purecatamphetamine.github.io","ip":{"addr":"185.199.109.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2013-03-08","domain_rank":207655,"first_seen":"2020-11-06T10:34:18Z","last_seen":"2026-01-01T13:43:43.993722Z","alert_count":0,"request_count":2,"received_data":2074,"sent_data":940,"comment":"","tags":null,"fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"154.201.84.243","ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":54,"request_count":27,"received_data":5681966,"sent_data":10878,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"154.201.84.243:8080/f3a54eac-1b5b-4e4d-8a98-e00450a01125","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e33b24695f184d70bc0b86272b8cdda","sha1":"3d9efb138fc86436d681f783b17b7b4e6c578051","sha256":"a7697aad7d78aadc0cb27c3758fac44d97fa6486daaa6e06f08ba71298a6cd5e","sha512":"2f0b2db4a56c9fa6be47e4a4ceff100cf5bd8ceb4413144f5ad96e14854fa236f33a9669a6646dfc2e492b5eb852e07578895d6f21d34c0f56eb71df38023a63","ssdeep":"49152:luihX0cTATLqO26LwLfa1TM8iH2KTW95ncEq2nDSIqzHVj:zAy7RWIX","tlshash":"bd06c54c325bf354915a80d7e43f2c49e2aee589a00b44e0af3187f31ab5746f66ee17","size":3818650,"data":"","first_seen":"2026-01-03T07:48:55.563665Z","last_seen":"2026-01-03T07:48:55.563665Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.201.84.243:8080/?token=\u0026password=","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"090f2d113f6471f5e8eca36a216eacd4","sha1":"9767628c05c02906d06e1a2624f664b9d246f466","sha256":"3cb0e5c7acf03c0dc82b929a5f89874e7530b132a47e1994bd85eb3f81659bd9","sha512":"9c357a5d2293d2cc336779c1a9268de8f2d7834c367431be40b54288bd245d799a0ee864bd0acac11669975f6ada517a20cb0c0dd3f8564d4b4737927f6f006f","ssdeep":"","tlshash":"8ac08c01ec04c9ed70f0e408a70fa8b2a508e05072b060293a5a0889ac3a839da98ed9","size":164,"data":"","first_seen":"2026-01-03T07:48:55.568043Z","last_seen":"2026-01-03T07:48:55.568043Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.201.84.243:8080/?token=\u0026password=","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"70597646447438e8dc6d467a58c8b621","sha1":"5ef2d7ea812458650bc92eb9e54cfe2be154cb98","sha256":"14e964da24f4245105a12c0d591295ba8cd8732506898e9aa6e9e346936e39a3","sha512":"90ae7b8e2aa00105b103a9b5f9c6e7b9e45d4610080e7bc83c14e523f0abe39d6f4506e1c3690a79678f1cd59339b6fdb8a843fee686893b55aacb00b2b21da0","ssdeep":"96:ahrCpk3W95qoLTnkf4PTSPCkKlse1Yw95OhWkT3pFiYvVv:adCpkM5RbkgPTSPCk4syvOhDT7iYvVv","tlshash":"17b15298b6c7f030869664ba403f600bf3b6745614ced450e026d8e1ee78a8d6567f6d","size":5195,"data":"","first_seen":"2025-03-18T06:45:47.259891Z","last_seen":"2026-05-09T07:07:06.299309Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.201.84.243:8080/","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"090f2d113f6471f5e8eca36a216eacd4","sha1":"9767628c05c02906d06e1a2624f664b9d246f466","sha256":"3cb0e5c7acf03c0dc82b929a5f89874e7530b132a47e1994bd85eb3f81659bd9","sha512":"9c357a5d2293d2cc336779c1a9268de8f2d7834c367431be40b54288bd245d799a0ee864bd0acac11669975f6ada517a20cb0c0dd3f8564d4b4737927f6f006f","ssdeep":"","tlshash":"8ac08c01ec04c9ed70f0e408a70fa8b2a508e05072b060293a5a0889ac3a839da98ed9","size":164,"data":"","first_seen":"2026-01-03T07:48:55.568043Z","last_seen":"2026-01-03T07:48:55.568043Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.201.84.243:8080/","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"70597646447438e8dc6d467a58c8b621","sha1":"5ef2d7ea812458650bc92eb9e54cfe2be154cb98","sha256":"14e964da24f4245105a12c0d591295ba8cd8732506898e9aa6e9e346936e39a3","sha512":"90ae7b8e2aa00105b103a9b5f9c6e7b9e45d4610080e7bc83c14e523f0abe39d6f4506e1c3690a79678f1cd59339b6fdb8a843fee686893b55aacb00b2b21da0","ssdeep":"96:ahrCpk3W95qoLTnkf4PTSPCkKlse1Yw95OhWkT3pFiYvVv:adCpkM5RbkgPTSPCk4syvOhDT7iYvVv","tlshash":"17b15298b6c7f030869664ba403f600bf3b6745614ced450e026d8e1ee78a8d6567f6d","size":5195,"data":"","first_seen":"2025-03-18T06:45:47.259891Z","last_seen":"2026-05-09T07:07:06.299309Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fav/apple-touch-icon.png","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:26.813Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fav/apple-touch-icon.png HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:27 GMT\r\nContent-Type: image/png\r\nContent-Length: 6573\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-19ad\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6573,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"90a61dcc76d704b2e861a0465ced2f87","sha1":"27b6cebdd96c0434c2fe10db0d58b2c3135c9728","sha256":"73ce3b381a9a2c555f88fbfc873a53137b120d0e0398894d130408431a7799af","sha512":"fc441447ba4237afc693fed9ee68b86f9a83e686a1c98b512f520214a926f8746dbfcc266ae54695d53a2fe36bc6ae8c0cdfa998ddf2ccc1f1724757bd833fea","ssdeep":"96:MIXoTewnynwNYEf3fo3zaNS7Au/Ad4YAj7ovvGtT6sbTFxrN1JhDARDUjsG:Miey6Yn3zRV/jWvvGl1XFxfJhMUjsG","tlshash":"edd1adc7a9cdf79e59e9a3e383ce818383e3d01c529e605877a3c28c2c445a596124f6","first_seen":"2023-11-05T22:04:48Z","last_seen":"2026-05-09T07:07:06.292416Z","times_seen":154,"resource_available":false,"data":null}},"time_used":566,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":566,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/static/js/main.f5d0a272.js","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:28.674Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/main.f5d0a272.js HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:29 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-3a449a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3818650,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"e8d2dbfb1ccbf07d06ff77208f318b90","sha1":"553e33c50ad112dfa1c51583b943aa2e8ab2e9a3","sha256":"afd4d732284b59c69293e90da60ddcdfc4d5241c3ad2b06b95e46803eb1b3082","sha512":"66ab8b17e8aaee6ca86c8d820abb97457d8eca8e73708d80bb22cf3901dc116ada834c31c859ec7e416a6f75e7ebb1af8248bb3888fefc6a05704cfb6099c095","ssdeep":"6144:Vh9dQihXI9G0q6u6c6+hATh9oqQh01923nbeqJnoooMzi1qSDgkQb2Xp/LwLfF43:luihXIzqsc6CATh9qer2lkP5LwLfup0U","tlshash":"7825e94c3a4ef310995990e7d03b2c0a922de505b40b48a46f3097f76ab5797f3eed26","first_seen":"2026-01-03T07:48:55.533891Z","last_seen":"2026-01-03T07:48:55.533891Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4490,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":544,"receive":3946,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/images/hook.svg","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:33.997Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/hook.svg HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:34 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-1e9a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7834,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (7834), with no line terminators","md5":"4eb9547e5cec312aaa68d160489e8f51","sha1":"2869b54cc7325357c12efeac4095ba6b13e64277","sha256":"ab79e77f1f1ff6d60462ea3ffebb067ae71ecbe8f05ef4d96743c80fb97c6f55","sha512":"2f23a4cbcbc34871f6363c78e07dafafc281020efd8bd0f4bb13682a84d9b3b848fe3554a7741c4fed82a1e5e35f3b1864417c6c2b29954f6a326e0aa13c9f51","ssdeep":"192:uUvA0g7gpDFZZdCpkM5RbkgPTSPCk4syvOhDT7iYvVwRQp:1PDD7CC4bDT1sDT7iYvVHp","tlshash":"27f1b798b582b0345263b1b6507fa00ef27a7406a48bd824e037d4e5eeb8e8d5573f7d","first_seen":"2026-01-03T07:48:55.536737Z","last_seen":"2026-01-03T07:48:55.536737Z","times_seen":1,"resource_available":false,"data":null}},"time_used":505,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":504,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/images/login_sd.mp4","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:34.197Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/images/login_sd.mp4 HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:34 GMT\r\nContent-Type: video/mp4\r\nContent-Length: 6265758\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-5f9b9e\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Range: bytes 0-6265757/6265758\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36200,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"7fcae7832244dc926e396652bd863571","sha1":"dfe5d9a1ee5a532df952d481ae6dd14d4f408d0d","sha256":"658a158e00867fb441a2531f18a310cbe6af20a16a429aca3fafb29623176275","sha512":"7fa9babccb73dfb825ed08ec94a814b5c7c7b895b5e4d822cdff49a59cbce6479a7cda38390a9b4a23d0207ff51671b8bfda85e46f6033667e32d63697265882","ssdeep":"768:uk74tHlaojnAM0eA1OCfiBg6gSgQLpvOuTUxskzHua9CkABwiX:uoSQojA17fiBgTtQLpvOuUY7kABJX","tlshash":"9ef2f1389fddf5c968c628f4423daaf280419205c99902bc813e4e7fa1c64b1ef1d5af","first_seen":"2025-04-29T10:20:52.402828Z","last_seen":"2026-01-03T07:48:55.539292Z","times_seen":2,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":263,"receive":286,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/mulish/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:36.868Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/mulish/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-672\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1650,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"52a70196f93d6cbde026b45ed2be798a","sha1":"77f415c3dd48043669df473d94a9200f867fcab8","sha256":"e09bb0962eaf03380ebd592134c4cbccd9a9dbe0cad5d8c886c42e50c078e728","sha512":"6df289b62da4ff426698f1244e678d05634b59c01216d1f53951c0dbce659c21a3c1fb16a66e22bb0b5e75b95bbba9f726f7c48477f8bab1aaff32cfaa309f54","ssdeep":"","tlshash":"19317881140a2910f2672ccd27ce6e26d50ea143514062327bfebbd5afba93422a8f5d","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.291702Z","times_seen":154,"resource_available":false,"data":null}},"time_used":1658,"timings":{"blocked":550,"dns":0,"connect":559,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/icons/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:36.866Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/icons/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-db0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3504,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"cf10c1b8b9348fc2752bd628143e6769","sha1":"da766143af460e3863f789fc1db9b281766cb4bb","sha256":"002a20bb327c239893a00b908f0ed4cebb527a2957e61aa49528b71a6a450490","sha512":"a18ae99e905020f19401f6632a91a15c1505268a4199459de96f08010596dafefd48aa94bfb4a6e62497f5a0d4b0329032901bebbf6117bf9a7239e595de6e63","ssdeep":"","tlshash":"a07177f8a87d11405b60de91a3533a31af2c91b4ce936c8af2579c5c67eb6009186ffd","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.284537Z","times_seen":155,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/icons/permissions/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:36.867Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/icons/permissions/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-569\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"e7a2f49096e4eec6fb152bd3bbd3a79d","sha1":"7edb77dfac88b03ae84579f7df14d7970dbf8e48","sha256":"192a731c7357c9cc21c2ed31feb497561738fbb7353e047d3eb30bf06075c7f5","sha512":"899bbe2a1d6e972ad2553cee2ec9395121a2802f070dac3232df6b21029c2e53809b4cea72f8ebc673f12b7f9e744e8e3ab72878b2c32a34f4e3a431381abb68","ssdeep":"","tlshash":"db2127e4ecbc18805351d4c432a73b64bf1c92169c4a6c5aa7a3780caff774191e238d","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.276529Z","times_seen":157,"resource_available":false,"data":null}},"time_used":1061,"timings":{"blocked":351,"dns":0,"connect":360,"send":0,"wait":350,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T07:48:24.536Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:25 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-1e9a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7834,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (7834), with no line terminators","md5":"4eb9547e5cec312aaa68d160489e8f51","sha1":"2869b54cc7325357c12efeac4095ba6b13e64277","sha256":"ab79e77f1f1ff6d60462ea3ffebb067ae71ecbe8f05ef4d96743c80fb97c6f55","sha512":"2f23a4cbcbc34871f6363c78e07dafafc281020efd8bd0f4bb13682a84d9b3b848fe3554a7741c4fed82a1e5e35f3b1864417c6c2b29954f6a326e0aa13c9f51","ssdeep":"192:uUvA0g7gpDFZZdCpkM5RbkgPTSPCk4syvOhDT7iYvVwRQp:1PDD7CC4bDT1sDT7iYvVHp","tlshash":"27f1b798b582b0345263b1b6507fa00ef27a7406a48bd824e037d4e5eeb8e8d5573f7d","first_seen":"2026-01-03T07:48:55.536737Z","last_seen":"2026-01-03T07:48:55.536737Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1333,"timings":{"blocked":447,"dns":0,"connect":455,"send":0,"wait":431,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/mulish/1Ptyg83HX_SGhgqO0yLcmjzUAuWexZNR8aevGw.woff2","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:26.823Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/mulish/1Ptyg83HX_SGhgqO0yLcmjzUAuWexZNR8aevGw.woff2 HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/assets/fonts/mulish/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:27 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 11232\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-2be0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11232,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11232, version 1.0","md5":"f4429b00adf61350183e1037f446fd40","sha1":"a23ad1c7b309f8da507b96efad46313f72d3a351","sha256":"ad234f0985f2142bb1fa3a281ddf2511d320f84f73422df2b2384f115b4b9131","sha512":"4878a81633320634eab8d6493c130eec573834433693096b2acecaf0bcc9232c2a945a06a61b2e4522e1a5f789b84221098dfca7d6db071efe9586bd77c07bf3","ssdeep":"192:lIIvN2i4YfGz24CRxgELe5Wx6gN9bXf30Am9Ht1NOqQOn6ivI:lIIvN2i4rz2bjESvfPTmtXOdqvI","tlshash":"0532b0e8abda6657464636f7b49a0c7cc1d41b442f1f4a0a1886c733905f72a8248277","first_seen":"2023-04-09T18:33:33Z","last_seen":"2026-05-27T18:55:48.395294Z","times_seen":778,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":611,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/images/hook.svg","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:33.920Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/hook.svg HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T21:37:18.64969Z","times_seen":15792041,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"https","addr":"purecatamphetamine.github.io/country-flag-icons/3x2/US.svg","fqdn":"purecatamphetamine.github.io","domain":"purecatamphetamine.github.io","tld":"github.io"},"ip":{"addr":"185.199.109.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:33.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /country-flag-icons/3x2/US.svg HTTP/1.1\r\nHost: purecatamphetamine.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: GitHub.com\r\ncontent-type: image/svg+xml\r\nx-origin-cache: HIT\r\nlast-modified: Fri, 21 Nov 2025 22:22:32 GMT\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31556952\r\netag: W/\"6920e628-548\"\r\nexpires: Tue, 30 Dec 2025 01:56:01 GMT\r\ncache-control: max-age=600\r\ncontent-encoding: gzip\r\nx-proxy-cache: HIT\r\nx-github-request-id: 249B:33D7C6:7D61B58:7F32BBE:69532EF4\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 07:48:34 GMT\r\nvia: 1.1 varnish\r\nage: 470\r\nx-served-by: cache-hel1410020-HEL\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1767426514.038680,VS0,VE1\r\nvary: Accept-Encoding\r\nx-fastly-request-id: 2cd00fc7205b318ad5f56576bd74494ef4a7c194\r\ncontent-length: 480\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":1352,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"447e2bf0533bec7a411b9a970b74f0ed","sha1":"bff8541efa1cff6e3a9613616682d0cba8bdbe45","sha256":"0368f33db1cc70ef5eee2a5de99571b65d394d8964f4824ce3919d45998775c0","sha512":"8a82e6a84b1b6637dcb82b3db9f39dd069848d81c17124a0da727624aaec37afcb3d646d96a54f20587d2aae935ab05dc18428be3ffff0b3b2d38ec19df67810","ssdeep":"","tlshash":"5021e1c743002834fadf83e0d62932b06ddf684461958468bda8d760b2f89d986decd6","first_seen":"2023-05-22T02:03:31Z","last_seen":"2026-05-27T20:11:59.117502Z","times_seen":949,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":34,"dns":1,"connect":13,"send":0,"wait":14,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fontawesome/css/fontawesome.min.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:36.860Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fontawesome/css/fontawesome.min.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-13b0b\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80651,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65317)","md5":"d318f674308800c356f650173502cf6d","sha1":"f2c5219fb9f58c2baee6dbd965741975cbc8ae71","sha256":"863ab50a39fc203ca8f614cef14c6cc700ee64bfeacd41426dce9ef8cbd98509","sha512":"46f431c1ffb7cc9b8dc25e1ed2c66341e5fb9146b7a3cd9b0c44e9815087d918b06126550dd149ecdff0a0d8a037f95dc8e3a82b0f39f388cce2995076df1b84","ssdeep":"1536:4fMCMPMCMjMCM4MCMwMCM3spL70pgbPMfjSFbTyMGuF:070pgMGFvyMGuF","tlshash":"ab73cbf5e44c15d97732c44beb58b37c61b6f738d9810da9f02f580d1ac26a822c6b7a","first_seen":"2023-04-07T14:45:52Z","last_seen":"2026-05-24T11:17:22.919077Z","times_seen":380,"resource_available":false,"data":null}},"time_used":1578,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":844,"receive":734,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fontawesome/css/all.min.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:36.862Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fontawesome/css/all.min.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-18d98\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101784,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65317)","md5":"6cb5a85b30082e3d59d7e371e002ce8d","sha1":"0c639634f474b4601a7937f440096185f3a9d8d3","sha256":"01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349","sha512":"c61e8efc2910a0f3960dd6130ea79174f0957754a9bc203d5d77149d94b616624da75728005cefb4237d0666a613ee1a1caf32c941d44827091e05e5a13c93d8","ssdeep":"1536:4fMCMPMCMjMCM4MCMwMCM3spL70pgbPMfjSFbTyMGu3prfZCC:070pgMGFvyMGu3pfZCC","tlshash":"23a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T20:32:18Z","last_seen":"2026-05-27T12:21:28.03227Z","times_seen":5149,"resource_available":false,"data":null}},"time_used":1178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":596,"receive":582,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fav/favicon-16x16.png","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:38.673Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fav/favicon-16x16.png HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 1035\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-40b\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"20483239adc0dc66bbabbbe2cc33f6fe","sha1":"c30dd2f134cab3d4d620b34a3ed736a0ee0e0658","sha256":"b13b77f0b3d95c1146394ea855d915f189d3ea374179755cfb2ac47bfc8f306c","sha512":"a4ac4cb15f4b4fa756fd573e57cfd032a2931e1b3685dc2d9066ec2f63d36e8fc35a0a3567bb731244da7682aba956e0ec30ad993afe86dd7b6b7f36e89f85d4","ssdeep":"","tlshash":"c21165d57059acb0c0d6225340c25347ea3a40267513cd2bb70fd5bc0be9bfe1554443","first_seen":"2023-11-05T22:04:48Z","last_seen":"2026-05-09T07:07:06.28122Z","times_seen":154,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":635,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fontawesome/css/fontawesome.min.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:25.545Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fontawesome/css/fontawesome.min.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:26 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-13b0b\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80651,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65317)","md5":"d318f674308800c356f650173502cf6d","sha1":"f2c5219fb9f58c2baee6dbd965741975cbc8ae71","sha256":"863ab50a39fc203ca8f614cef14c6cc700ee64bfeacd41426dce9ef8cbd98509","sha512":"46f431c1ffb7cc9b8dc25e1ed2c66341e5fb9146b7a3cd9b0c44e9815087d918b06126550dd149ecdff0a0d8a037f95dc8e3a82b0f39f388cce2995076df1b84","ssdeep":"1536:4fMCMPMCMjMCM4MCMwMCM3spL70pgbPMfjSFbTyMGuF:070pgMGFvyMGuF","tlshash":"ab73cbf5e44c15d97732c44beb58b37c61b6f738d9810da9f02f580d1ac26a822c6b7a","first_seen":"2023-04-07T14:45:52Z","last_seen":"2026-05-24T11:17:22.919077Z","times_seen":380,"resource_available":false,"data":null}},"time_used":1239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":638,"receive":601,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/mulish/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:25.550Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/mulish/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:26 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-672\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1650,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"52a70196f93d6cbde026b45ed2be798a","sha1":"77f415c3dd48043669df473d94a9200f867fcab8","sha256":"e09bb0962eaf03380ebd592134c4cbccd9a9dbe0cad5d8c886c42e50c078e728","sha512":"6df289b62da4ff426698f1244e678d05634b59c01216d1f53951c0dbce659c21a3c1fb16a66e22bb0b5e75b95bbba9f726f7c48477f8bab1aaff32cfaa309f54","ssdeep":"","tlshash":"19317881140a2910f2672ccd27ce6e26d50ea143514062327bfebbd5afba93422a8f5d","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.291702Z","times_seen":154,"resource_available":false,"data":null}},"time_used":1640,"timings":{"blocked":543,"dns":0,"connect":554,"send":0,"wait":543,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fav/favicon-16x16.png","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:26.815Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fav/favicon-16x16.png HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:26 GMT\r\nContent-Type: image/png\r\nContent-Length: 1035\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-40b\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"20483239adc0dc66bbabbbe2cc33f6fe","sha1":"c30dd2f134cab3d4d620b34a3ed736a0ee0e0658","sha256":"b13b77f0b3d95c1146394ea855d915f189d3ea374179755cfb2ac47bfc8f306c","sha512":"a4ac4cb15f4b4fa756fd573e57cfd032a2931e1b3685dc2d9066ec2f63d36e8fc35a0a3567bb731244da7682aba956e0ec30ad993afe86dd7b6b7f36e89f85d4","ssdeep":"","tlshash":"c21165d57059acb0c0d6225340c25347ea3a40267513cd2bb70fd5bc0be9bfe1554443","first_seen":"2023-11-05T22:04:48Z","last_seen":"2026-05-09T07:07:06.28122Z","times_seen":154,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"https","addr":"purecatamphetamine.github.io/country-flag-icons/3x2/US.svg","fqdn":"purecatamphetamine.github.io","domain":"purecatamphetamine.github.io","tld":"github.io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:33.956Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /country-flag-icons/3x2/US.svg HTTP/1.1\r\nHost: purecatamphetamine.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T21:37:18.64969Z","times_seen":15792041,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":26,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"ws","addr":"154.201.84.243:3434/socket.io/?EIO=3\u0026transport=websocket","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":3434,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:33.895Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 154.201.84.243:3434\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nSec-WebSocket-Version: 13\r\nOrigin: http://154.201.84.243:8080\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: saCbviGVyQxb2o7pHyLOug==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: yDxy8dDL2Og39/7xcsapJGhU/YQ=\r\nAccess-Control-Allow-Origin: http://154.201.84.243\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T21:37:18.64969Z","times_seen":15792041,"resource_available":true,"data":null}},"time_used":574,"timings":{"blocked":0,"dns":0,"connect":285,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/icons/permissions/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:25.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/icons/permissions/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:26 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-569\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"e7a2f49096e4eec6fb152bd3bbd3a79d","sha1":"7edb77dfac88b03ae84579f7df14d7970dbf8e48","sha256":"192a731c7357c9cc21c2ed31feb497561738fbb7353e047d3eb30bf06075c7f5","sha512":"899bbe2a1d6e972ad2553cee2ec9395121a2802f070dac3232df6b21029c2e53809b4cea72f8ebc673f12b7f9e744e8e3ab72878b2c32a34f4e3a431381abb68","ssdeep":"","tlshash":"db2127e4ecbc18805351d4c432a73b64bf1c92169c4a6c5aa7a3780caff774191e238d","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.276529Z","times_seen":157,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":502,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/static/css/main.397ec292.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:26.819Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/main.397ec292.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:27 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-a4dac\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":675244,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (50737)","md5":"1cf163c0c0b1696a7220c3e951629262","sha1":"f8205a4d5419c99c4de59b1de3ea66abaa56cf73","sha256":"5bf31c83371902b8a44eeaadddcc1dad52b39d074bc3c0613df9ead6850a6a6c","sha512":"854a4f1515499150ad14fd1dedce03a1eb0211307a1709882c784e606c5a30fb5fb4dc52e081874de89503c40ad95d7b789e4d0144945be3d87d66a8f60866c4","ssdeep":"6144:p+c3ARRdzjJzsDNauoD+NEwJaZvoIqyuuHd/zrHoSxuDKVkIIbmP7Fe:p+c0aOU","tlshash":"39e4d818ab41306fe5e7c73b65e0f964ad21ca02d67f8a7ff2e17b188b4564d01b3a05","first_seen":"2023-09-25T02:06:39Z","last_seen":"2026-05-09T07:07:06.278506Z","times_seen":123,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":606,"receive":1170,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/static/css/main.397ec292.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:38.471Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/main.397ec292.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:39 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-a4dac\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":675244,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (50737)","md5":"1cf163c0c0b1696a7220c3e951629262","sha1":"f8205a4d5419c99c4de59b1de3ea66abaa56cf73","sha256":"5bf31c83371902b8a44eeaadddcc1dad52b39d074bc3c0613df9ead6850a6a6c","sha512":"854a4f1515499150ad14fd1dedce03a1eb0211307a1709882c784e606c5a30fb5fb4dc52e081874de89503c40ad95d7b789e4d0144945be3d87d66a8f60866c4","ssdeep":"6144:p+c3ARRdzjJzsDNauoD+NEwJaZvoIqyuuHd/zrHoSxuDKVkIIbmP7Fe:p+c0aOU","tlshash":"39e4d818ab41306fe5e7c73b65e0f964ad21ca02d67f8a7ff2e17b188b4564d01b3a05","first_seen":"2023-09-25T02:06:39Z","last_seen":"2026-05-09T07:07:06.278506Z","times_seen":123,"resource_available":false,"data":null}},"time_used":2307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":723,"receive":1584,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/mulish/1Ptyg83HX_SGhgqO0yLcmjzUAuWexZNR8aevGw.woff2","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:38.466Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/mulish/1Ptyg83HX_SGhgqO0yLcmjzUAuWexZNR8aevGw.woff2 HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/assets/fonts/mulish/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:38 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 11232\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-2be0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11232,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11232, version 1.0","md5":"f4429b00adf61350183e1037f446fd40","sha1":"a23ad1c7b309f8da507b96efad46313f72d3a351","sha256":"ad234f0985f2142bb1fa3a281ddf2511d320f84f73422df2b2384f115b4b9131","sha512":"4878a81633320634eab8d6493c130eec573834433693096b2acecaf0bcc9232c2a945a06a61b2e4522e1a5f789b84221098dfca7d6db071efe9586bd77c07bf3","ssdeep":"192:lIIvN2i4YfGz24CRxgELe5Wx6gN9bXf30Am9Ht1NOqQOn6ivI:lIIvN2i4rz2bjESvfPTmtXOdqvI","tlshash":"0532b0e8abda6657464636f7b49a0c7cc1d41b442f1f4a0a1886c733905f72a8248277","first_seen":"2023-04-09T18:33:33Z","last_seen":"2026-05-27T18:55:48.395294Z","times_seen":778,"resource_available":false,"data":null}},"time_used":622,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":621,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fav/apple-touch-icon.png","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/?token=\u0026password=","date":"2026-01-03T07:48:38.672Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fav/apple-touch-icon.png HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/?token=\u0026password=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 6573\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-19ad\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6573,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"90a61dcc76d704b2e861a0465ced2f87","sha1":"27b6cebdd96c0434c2fe10db0d58b2c3135c9728","sha256":"73ce3b381a9a2c555f88fbfc873a53137b120d0e0398894d130408431a7799af","sha512":"fc441447ba4237afc693fed9ee68b86f9a83e686a1c98b512f520214a926f8746dbfcc266ae54695d53a2fe36bc6ae8c0cdfa998ddf2ccc1f1724757bd833fea","ssdeep":"96:MIXoTewnynwNYEf3fo3zaNS7Au/Ad4YAj7ovvGtT6sbTFxrN1JhDARDUjsG:Miey6Yn3zRV/jWvvGl1XFxfJhMUjsG","tlshash":"edd1adc7a9cdf79e59e9a3e383ce818383e3d01c529e605877a3c28c2c445a596124f6","first_seen":"2023-11-05T22:04:48Z","last_seen":"2026-05-09T07:07:06.292416Z","times_seen":154,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":378,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fonts/icons/style.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:25.548Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/icons/style.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:25 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-db0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3504,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"cf10c1b8b9348fc2752bd628143e6769","sha1":"da766143af460e3863f789fc1db9b281766cb4bb","sha256":"002a20bb327c239893a00b908f0ed4cebb527a2957e61aa49528b71a6a450490","sha512":"a18ae99e905020f19401f6632a91a15c1505268a4199459de96f08010596dafefd48aa94bfb4a6e62497f5a0d4b0329032901bebbf6117bf9a7239e595de6e63","ssdeep":"","tlshash":"a07177f8a87d11405b60de91a3533a31af2c91b4ce936c8af2579c5c67eb6009186ffd","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.284537Z","times_seen":155,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":246,"dns":0,"connect":254,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/images/login_poster.jpg","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:34.015Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/images/login_poster.jpg HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:34 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 18418\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-47f2\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18418,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3","md5":"719cd51d0daa19e7fb86d1f7ae8fdf82","sha1":"c47adb5699df36a8942698a3a5202a8d3da0e4d7","sha256":"82b5025eca7e248ab6a54077b939835ddb259853fcc94b258cd1a39abece9fd0","sha512":"46542f064e8c230c1b40fd902877e20d9282fb28bbe1283ce6fbe2dfc9426d45d699db0ac7c03555ca511763c861d947b120a08ca948f0be0f7f42ffa6d6e428","ssdeep":"192:p6dGIt9uzh+DelAOoMvHQpx0i+v6dTQukMiPdrDlGBsh3V6qcaLmcUVrQ5+Tyv0j:wfKh+hOvwp2fSdEumNEfXZxIFPngnnr","tlshash":"5d82ce079c089743a42997e8be070dad6f1a3b0ced913aff51265ecf3d602251c8e56e","first_seen":"2023-09-25T01:24:38Z","last_seen":"2026-05-09T07:07:06.289732Z","times_seen":156,"resource_available":false,"data":null}},"time_used":1470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":718,"receive":752,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/?token=\u0026password=","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T07:48:36.361Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?token=\u0026password= HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:36 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 01 Jan 2026 18:46:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c0f5-1e9a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7834,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (7834), with no line terminators","md5":"4eb9547e5cec312aaa68d160489e8f51","sha1":"2869b54cc7325357c12efeac4095ba6b13e64277","sha256":"ab79e77f1f1ff6d60462ea3ffebb067ae71ecbe8f05ef4d96743c80fb97c6f55","sha512":"2f23a4cbcbc34871f6363c78e07dafafc281020efd8bd0f4bb13682a84d9b3b848fe3554a7741c4fed82a1e5e35f3b1864417c6c2b29954f6a326e0aa13c9f51","ssdeep":"192:uUvA0g7gpDFZZdCpkM5RbkgPTSPCk4syvOhDT7iYvVwRQp:1PDD7CC4bDT1sDT7iYvVHp","tlshash":"27f1b798b582b0345263b1b6507fa00ef27a7406a48bd824e037d4e5eeb8e8d5573f7d","first_seen":"2026-01-03T07:48:55.536737Z","last_seen":"2026-01-03T07:48:55.536737Z","times_seen":1,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":448,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/fontawesome/css/all.min.css","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:25.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fontawesome/css/all.min.css HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:25 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6956c02c-18d98\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101784,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65317)","md5":"6cb5a85b30082e3d59d7e371e002ce8d","sha1":"0c639634f474b4601a7937f440096185f3a9d8d3","sha256":"01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349","sha512":"c61e8efc2910a0f3960dd6130ea79174f0957754a9bc203d5d77149d94b616624da75728005cefb4237d0666a613ee1a1caf32c941d44827091e05e5a13c93d8","ssdeep":"1536:4fMCMPMCMjMCM4MCMwMCM3spL70pgbPMfjSFbTyMGu3prfZCC:070pgMGFvyMGu3pfZCC","tlshash":"23a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T20:32:18Z","last_seen":"2026-05-27T12:21:28.03227Z","times_seen":5149,"resource_available":false,"data":null}},"time_used":859,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":431,"receive":428,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}},{"url":{"schema":"http","addr":"154.201.84.243:8080/assets/images/login_sd.mp4","fqdn":"154.201.84.243","domain":"154.201.84.243","tld":""},"ip":{"addr":"154.201.84.243","port":8080,"asn":142032,"as":"High Family Technology Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"http://154.201.84.243:8080/","date":"2026-01-03T07:48:34.749Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/images/login_sd.mp4 HTTP/1.1\r\nHost: 154.201.84.243:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=6258688-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://154.201.84.243:8080/\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nServer: nginx/1.29.4\r\nDate: Sat, 03 Jan 2026 07:48:35 GMT\r\nContent-Type: video/mp4\r\nContent-Length: 7070\r\nLast-Modified: Thu, 01 Jan 2026 18:42:52 GMT\r\nConnection: keep-alive\r\nETag: \"6956c02c-5f9b9e\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,X-Token-Auth,Cache-Control,Content-Type,Authorization\r\nContent-Range: bytes 6258688-6265757/6265758\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx:1.29.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7070,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"7431929e733d56475c0a709a8d7dfbc0","sha1":"b518863a41936651f45d97e94cf3a321e9586c7f","sha256":"28ad3b47e8d1f7c4006d8e8e9e7e4d866a6d7595f7bb78e736c9987ce76b33be","sha512":"e5e8ad57aa1f9e49981fd0e014530cf8ad4aca90def01792cacda532d8d55e0bd6b7bae6463bd531f0e3d82a343b7a624cc50684c5fa87c39446ff6879cb6494","ssdeep":"48:Ocfgq0F/ceVqmoXfgxFu8gdxbhsfQJEpQYQz6+EpYfabkeD00A8pD3lUo67C+H7j:b4qGlV+8g/hs/Ot+EabkAKC5p67C+v1D","tlshash":"01e185958335ba89c5974b3c32c31208ba79d679575b432f83b0f43d3e9971c4ca8185","first_seen":"2023-04-13T12:48:38Z","last_seen":"2026-05-09T07:07:06.294764Z","times_seen":105,"resource_available":false,"data":null}},"time_used":537,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":536,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Hook botnet panel","verdict":"malware","severity":"medium","comment":"Asset commenly seen with Botnet webpanel","tags":["botpanel","malware","hook"],"meta":null}]}}]}