| | 195.128.100.223 | 200 OK | 162 B |
URL: User Request GET HTTP/2 | IP: 195.128.100.223:443
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: HTML document, ASCII text, with CRLF line terminators | Hash: 4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /login HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2024 14:14:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://195.128.100.223/login
|
|
| | 195.128.100.223 | 200 OK | 8.9 kB |
URL: User Request GET HTTP/2 | IP: 195.128.100.223:443
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (12404) | Hash: 8b8bdfdce32a5784325ba1787f548b78 6fbb29d1fb1c1b2ecd976a3569d29bcd2b1e8a92 608f03341d3ffcfaf659a563b7492fcaebfeee0b45a88a616eb94eb53f0454af
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /login HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/html; charset=UTF-8
content-length: 8859
set-cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5; path=/; secure; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
x-request-id: Ypiktm0oZmQjakxDyISI
cache-control: no-cache, no-store, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-NFFxUTZ2MDlYMzlqTDU2VXFDTUZRdkRIZ2VHeWhuZGJnRnZLM1prY3cwWT06czAvV3VaWnZNa2tHSE8zZi8wZHJNY0dLd3F6WDFGaDB5bXllcnQ1MHFoRT0=' 'self' v2202402217819257493 blob: 'unsafe-eval';script-src-elem 'strict-dynamic' 'nonce-NFFxUTZ2MDlYMzlqTDU2VXFDTUZRdkRIZ2VHeWhuZGJnRnZLM1prY3cwWT06czAvV3VaWnZNa2tHSE8zZi8wZHJNY0dLd3F6WDFGaDB5bXllcnQ1MHFoRT0=' 'self' v2202402217819257493 blob: 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org https://api.maptiler.com https://i.ytimg.com https://yt3.ggpht.com https://195.128.100.223;font-src 'self' data:;connect-src 'self' https://*.tile.openstreetmap.org https://server.arcgisonline.com https://stamen-tiles.a.ssl.fastly.net https://api.maptiler.com blob: coturn.195.128.100.223:443;media-src 'self' blob:;frame-src 'self' https://www.openstreetmap.org https://www.youtube-nocookie.com nc: https://195.128.100.223 data:;child-src blob: 'self';frame-ancestors 'self' https://195.128.100.223;worker-src blob: 'self';form-action 'self' https://195.128.100.223
feature-policy: autoplay 'self';camera 'self';fullscreen 'self' https://195.128.100.223;geolocation 'self';microphone 'self';payment 'none'
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/core/css/server.css?v=e81e5730-196 | 195.128.100.223 | 200 OK | 20 kB |
URL: GET HTTP/2 195.128.100.223/core/css/server.css?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: gzip compressed data, from Unix | Hash: e166656a6bf308678279a690f9e328dc 88a3367c8698d55bf6832982f3e0722be99b738e 3d0a6e39e8cde1b503139ebfc64462248892128b431895872ea2bc1900d8399a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /core/css/server.css?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
vary: Accept-Encoding
etag: W/"66051434-1eb5f"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/unroundedcorners/css/unround.css?v=522c33ef-196 | 195.128.100.223 | 200 OK | 1.4 kB |
URL: GET HTTP/2 195.128.100.223/apps/unroundedcorners/css/unround.css?v=522c33ef-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: gzip compressed data, from Unix | Hash: d5f5b51e1e3f5b06e6f9892b36abfabe 22e696fba7a4a1db7fd5f6f632982e4cc17ac316 97f339cfaf886605f3b67d46425151c3801dedf29106f8ef56bfee2401ac13e6
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/unroundedcorners/css/unround.css?v=522c33ef-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css
last-modified: Wed, 21 Feb 2024 20:17:37 GMT
vary: Accept-Encoding
etag: W/"65d65a61-a32"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/js/theming.js?v=e81e5730-196 | 195.128.100.223 | 200 OK | 60 B |
URL: GET HTTP/2 195.128.100.223/apps/theming/js/theming.js?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
Hash: 44b0d37d24a2e33ca0b64b50f83cfd6a 1c09d10dcabf2c8fac03ea3b56852ca3feb58cb0 ec4e73e49bca3f6e523c3dfd66e58fa157c81c4da5eb3fa0ceaa589ba8dc0785
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/js/theming.js?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: application/javascript
content-length: 60
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
etag: "66051434-3c"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/image/logo?v=196 | 195.128.100.223 | 200 OK | 142 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/image/logo?v=196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: PNG image data, 660 x 660, 8-bit/color RGBA, non-interlaced | Size: 142 kB (141513 bytes) | Hash: fd94fd0a786b4bc6233bc2a24baefc5e 79e78c199360f0066550ee8cfadc3e6e1484af18 3c96a5fe784d42982e11cfa4ed643c5d80bb6c32c50b09f0ecef07b25557373e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/image/logo?v=196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://195.128.100.223/core/css/guest.css?v=e81e5730-196
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: image/png
content-length: 141513
pragma: no-cache
x-request-id: 1HoSXbNAYTz7OdOBY5nG
cache-control: private, max-age=3600, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-aVBmb1VaU2dKblB2dHZFZEUyWGtSdXozQkh0RTJwTzRBajA1VVJ0RkJFTT06MnJLdUF2L3lTMFdLaFlKV1JBR0tOZDI2UnpZaGlMeVhTQXB0SWx3dGJSUT0=' 'self' v2202402217819257493 blob: 'unsafe-eval';script-src-elem 'strict-dynamic' 'nonce-aVBmb1VaU2dKblB2dHZFZEUyWGtSdXozQkh0RTJwTzRBajA1VVJ0RkJFTT06MnJLdUF2L3lTMFdLaFlKV1JBR0tOZDI2UnpZaGlMeVhTQXB0SWx3dGJSUT0=' 'self' v2202402217819257493 blob: 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org https://api.maptiler.com https://i.ytimg.com https://yt3.ggpht.com https://195.128.100.223;font-src 'self' data:;connect-src 'self' https://*.tile.openstreetmap.org https://server.arcgisonline.com https://stamen-tiles.a.ssl.fastly.net https://api.maptiler.com blob: coturn.195.128.100.223:443;media-src 'self' blob:;frame-src 'self' https://www.openstreetmap.org https://www.youtube-nocookie.com nc: https://195.128.100.223 data:;child-src blob: 'self';frame-ancestors 'self' https://195.128.100.223;worker-src blob: 'self';form-action 'self' https://195.128.100.223
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
last-modified: Wed, 21 Feb 2024 21:38:20 +0000
etag: "632a780d78617956d257f48bd14b85d5"
content-disposition: attachment; filename="logo"
expires: Wed, 24 Apr 2024 15:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/fileslibreofficeedit/js/script.js?v=e81e5730-196 | 195.128.100.223 | 200 OK | 456 kB |
URL: GET HTTP/2 195.128.100.223/apps/fileslibreofficeedit/js/script.js?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: gzip compressed data, from Unix | Size: 456 kB (455554 bytes) | Hash: 1154f1621dded6c7f4d579ba34ad23fe 8126d1de2d808ef261dc7fd50711e2ff66bcc37d a98c7ca5cf92a9c937f0afbc63669d7de60f34136b5d9c20f61af910dc835537
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/fileslibreofficeedit/js/script.js?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: application/javascript
last-modified: Thu, 22 Feb 2024 18:04:53 GMT
vary: Accept-Encoding
etag: W/"65d78cc5-a7c"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/core/img/loading-dark.gif | 195.128.100.223 | 200 OK | 4.7 kB |
URL: GET HTTP/2 195.128.100.223/core/img/loading-dark.gif | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: GIF image data, version 89a, 32 x 32 | Hash: 7446c22d8ed8b7b4641adc5dc30f39d2 1ccb798de57db7a5d8996c3eac5ffc3c6b0c5147 93b795ec06aebf7141dbfb46cf6fa51fb964d2a5c0646303eb135b38d007a0a9
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /core/img/loading-dark.gif HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:15:00 GMT
content-type: image/gif
content-length: 4683
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
etag: "66051434-124b"
expires: Mon, 21 Oct 2024 14:15:00 GMT
cache-control: max-age=15552000, public, max-age=15778463,
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/core/img/favicon-touch.png | 195.128.100.223 | 200 OK | 2.6 kB |
URL: GET HTTP/2 195.128.100.223/core/img/favicon-touch.png | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: PNG image data, 180 x 180, 8-bit colormap, non-interlaced | Hash: 1d3564d060120cf25d4282eea184d914 213ed2074711aad3dd4d1af1a058985940cb566f 88ee0ec5e6b1ca971772e0904297258e31dbfaa5dd3d540aeefc2009ab37b7fd
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /core/img/favicon-touch.png HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:15:00 GMT
content-type: image/png
content-length: 2553
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
etag: "66051434-9f9"
expires: Mon, 21 Oct 2024 14:15:00 GMT
cache-control: max-age=15552000, public, max-age=15778463,
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/light.css?plain=0&v=4dea1dae | 195.128.100.223 | 200 OK | 3.5 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/light.css?plain=0&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3653), with no line terminators | Hash: adab5e3ce2b0e77dea6be5595f14b2db 630799911348f54948279adf1ec07b43c7244fe2 c8b7b10b1ca092dad5b2bfa6b55033e5530513ceb99708f4c0ae4480d88ad0ca
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/theme/light.css?plain=0&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: 3gPgXsmAh186lyXvkBLU
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/opendyslexic.css?plain=0&v=4dea1dae | 195.128.100.223 | 200 OK | 890 B |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/opendyslexic.css?plain=0&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (949), with no line terminators | Hash: 9057f9f6a03ff15dfd13c10417b54d20 8d8e1c54be888513355d846a5ac0ac40bca1caba 49777de6b152222e81b052186b248f5d5f825c3b9282e3fc34a0175a29689b96
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/theme/opendyslexic.css?plain=0&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: 3qJeqnn3NnLOTICgaPqz
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/core/img/favicon.ico | 195.128.100.223 | 200 OK | 3.3 kB |
URL: GET HTTP/2 195.128.100.223/core/img/favicon.ico | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel | Hash: 68f33e69aa1a4a9cbfbacd6a553ef422 8dbd058612591a5dee5e077983dc89a49382888e bea7d85401905c569359239339770d962854ccda24f134a76f492ab58ecde9f5
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /core/img/favicon.ico HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:15:00 GMT
content-type: image/x-icon
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
vary: Accept-Encoding
etag: W/"66051434-cbe"
expires: Mon, 21 Oct 2024 14:15:00 GMT
cache-control: max-age=15552000, public, max-age=15778463,
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/dark-highcontrast.css?plain=0&v=4dea1dae | 195.128.100.223 | 200 OK | 3.9 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/dark-highcontrast.css?plain=0&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3979), with no line terminators | Hash: 9819a90b5a561167e7b4c6db20eb1375 45da07c3ec6e6c33462628665158f8f59688d3d3 f6e4469022df7e2bb0d2773f16b58496551ec8b0c89c716aefa822f149d14f31
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/theme/dark-highcontrast.css?plain=0&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: iKDysWnFnmIgTKASBCsE
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/dist/icons.css | 195.128.100.223 | 200 OK | 218 kB |
URL: GET HTTP/2 195.128.100.223/dist/icons.css | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (1612) | Size: 218 kB (218509 bytes) | Hash: c45140effc728b83729c2648fadf47df 59da0e1dc996e5c7ac49fb9dc275216370cce973 49d4427485c8a3de6a23ea9e101d9a00668b29d47179656756917ed00826613b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dist/icons.css HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://195.128.100.223/core/css/server.css?v=e81e5730-196
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css
last-modified: Thu, 28 Mar 2024 06:54:46 GMT
vary: Accept-Encoding
etag: W/"66051436-3558d"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463,
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/image/background?v=196 | 195.128.100.223 | 200 OK | 455 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/image/background?v=196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login
Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 94x94, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", progressive, precision 8, 1920x1080, components 3 | Size: 455 kB (454772 bytes) | Hash: 4ee9c3c6b5fcce4ff2fbfd286f2ead65 b372d330b04cbc60c03b6cc51b804971ecc341e8 9d7a160cbba5f648f0280dd27733f04309e4a36089987ce085032a928566a69a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /apps/theming/image/background?v=196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://195.128.100.223/core/css/guest.css?v=e81e5730-196
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: image/jpeg
content-length: 454772
pragma: no-cache
x-request-id: l2eZw85TzJtav2TPmBwq
cache-control: private, max-age=3600, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-VjhYNGFKcTFqSTlJajdrdEF4c3E4UUxCWlVRTU1jVzB5Z3RrOHlqS254QT06QllDK08vSG40Ymt0dk1wbVZIOUVnak9NSmdscFkrcWJnRHd3Z0craTlrYz0=' 'self' v2202402217819257493 blob: 'unsafe-eval';script-src-elem 'strict-dynamic' 'nonce-VjhYNGFKcTFqSTlJajdrdEF4c3E4UUxCWlVRTU1jVzB5Z3RrOHlqS254QT06QllDK08vSG40Ymt0dk1wbVZIOUVnak9NSmdscFkrcWJnRHd3Z0craTlrYz0=' 'self' v2202402217819257493 blob: 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org https://api.maptiler.com https://i.ytimg.com https://yt3.ggpht.com https://195.128.100.223;font-src 'self' data:;connect-src 'self' https://*.tile.openstreetmap.org https://server.arcgisonline.com https://stamen-tiles.a.ssl.fastly.net https://api.maptiler.com blob: coturn.195.128.100.223:443;media-src 'self' blob:;frame-src 'self' https://www.openstreetmap.org https://www.youtube-nocookie.com nc: https://195.128.100.223 data:;child-src blob: 'self';frame-ancestors 'self' https://195.128.100.223;worker-src blob: 'self';form-action 'self' https://195.128.100.223
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
last-modified: Wed, 21 Feb 2024 20:56:34 +0000
etag: "60c7f21a5b348a767827524a215ba545"
content-disposition: attachment; filename="background"
expires: Wed, 24 Apr 2024 15:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/dark.css?plain=1&v=4dea1dae | 195.128.100.223 | 200 OK | 3.3 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/dark.css?plain=1&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3307), with no line terminators | Hash: 28af8489097d6946d2129784337355c7 2eca4a8d3b0cb2c26b29b85c4c8d441d03ac34ba 72b032f6df0ee9f227a08e8483f3b06f24f790376d08255978aded72399d5c04
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark.css?plain=1&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: uSAUdgyYGrIJ12tuE8uD
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/light.css?plain=1&v=4dea1dae | 195.128.100.223 | 200 OK | 3.4 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/light.css?plain=1&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3359), with no line terminators | Hash: 3e5189551d6b442525e9ca2c837563ca 990972c71d53b8d03139c706e916a6edffd39e48 0a934614bbfbf1152ce421434dc512f9701b2b0b40c1ade46556501a2d6a7615
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light.css?plain=1&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: IQHNyuUxE32ogORLv6FG
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/css/default.css?v=70e2b24f-196 | 195.128.100.223 | 200 OK | 3.8 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/css/default.css?v=70e2b24f-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3861), with no line terminators | Hash: 61bea43f81251f63f1b4fef5f7f652d3 80aceae741a0bcb41f8635b391b427a6d4160508 3f5a61b6983a46ca99469c173337ad099acab74f53ce31d1f5d0e70f2e3e08fb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/css/default.css?v=70e2b24f-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
vary: Accept-Encoding
etag: W/"66051434-ebc"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/dist/core-login.js?v=e81e5730-196 | 195.128.100.223 | 200 OK | 144 kB |
URL: GET HTTP/2 195.128.100.223/dist/core-login.js?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
Size: 144 kB (144399 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/core-login.js?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: application/javascript
last-modified: Thu, 28 Mar 2024 06:54:46 GMT
vary: Accept-Encoding
etag: W/"66051436-2340f"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/dark-highcontrast.css?plain=1&v=4dea1dae | 195.128.100.223 | 200 OK | 3.5 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/dark-highcontrast.css?plain=1&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3531), with no line terminators | Hash: e9541af5c83830daec7add71b68bce8f 56fcb457f36cd01d331127940c55aeaf665af418 5d2171e10bef257dd757988c3a8cc95b5fea4647bdb3131664096fdca6aaf8f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark-highcontrast.css?plain=1&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: 8po6N3i43ACyTuy1alOR
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/dist/core-common.js?v=e81e5730-196 | 195.128.100.223 | 200 OK | 4.7 MB |
URL: GET HTTP/2 195.128.100.223/dist/core-common.js?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
Size: 4.7 MB (4655540 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/core-common.js?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: application/javascript
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
vary: Accept-Encoding
etag: W/"66051434-4709b4"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/default.css?plain=1&v=4dea1dae | 195.128.100.223 | 200 OK | 3.4 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/default.css?plain=1&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3359), with no line terminators | Hash: 3e5189551d6b442525e9ca2c837563ca 990972c71d53b8d03139c706e916a6edffd39e48 0a934614bbfbf1152ce421434dc512f9701b2b0b40c1ade46556501a2d6a7615
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/default.css?plain=1&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: rJvMOoW488toCCM3fHVP
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/dist/core-main.js?v=e81e5730-196 | 195.128.100.223 | 200 OK | 944 kB |
URL: GET HTTP/2 195.128.100.223/dist/core-main.js?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
Size: 944 kB (944061 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/core-main.js?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: application/javascript
last-modified: Thu, 28 Mar 2024 06:54:46 GMT
vary: Accept-Encoding
etag: W/"66051436-e67bd"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/dark.css?plain=0&v=4dea1dae | 195.128.100.223 | 200 OK | 3.5 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/dark.css?plain=0&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3600), with no line terminators | Hash: 2bee8ffe4e10484167c84cdfa2472438 39cd2e7623a8d4dc7d5dc67578ad189bac552791 b0547c805f226fdfe759446d575aa954e063cc34ccf2e6794f0f32c6485d904c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/dark.css?plain=0&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: JQ5tHo4dE4BOxEPSTTW8
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/light-highcontrast.css?plain=0&v=4dea1dae | 195.128.100.223 | 200 OK | 3.8 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/light-highcontrast.css?plain=0&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3912), with no line terminators | Hash: 628f79bb5178b9b307ebec1c19c09889 f7f1afa162005a48e3d4565e8c88147d6f837ab4 6c3bf6a13e89289ad5cba6c73a04a1cc5b40f2d35a7364e08c0c364bf7204c02
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light-highcontrast.css?plain=0&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: rdnAt2XJ7djOUwarz1se
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/apps/theming/theme/light-highcontrast.css?plain=1&v=4dea1dae | 195.128.100.223 | 200 OK | 3.4 kB |
URL: GET HTTP/2 195.128.100.223/apps/theming/theme/light-highcontrast.css?plain=1&v=4dea1dae | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
File type: ASCII text, with very long lines (3472), with no line terminators | Hash: eab87d333f91c7dcfcb6174268d0b755 bf741f8304c828a2ccfa4b7d416f716849fcd5db 8a38d14c944baff0343eff92a65c3251621da5a89954d274be5eb5c42c252a43
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /apps/theming/theme/light-highcontrast.css?plain=1&v=4dea1dae HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
x-request-id: 4cowfORc0z8iZLtuSlcv
cache-control: private, max-age=86400, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
content-disposition: inline; filename=""
expires: Thu, 25 Apr 2024 14:14:59 +0000
strict-transport-security: max-age=15768000; includeSubDomains; preload;
permissions-policy: interest-cohort=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noindex, nofollow
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 195.128.100.223/core/css/guest.css?v=e81e5730-196 | 195.128.100.223 | 200 OK | 16 kB |
URL: GET HTTP/2 195.128.100.223/core/css/guest.css?v=e81e5730-196 | IP: 195.128.100.223:443
Requested by: https://195.128.100.223/login | Certificate | Issuer: | Subject: v2202402217819257493.luckysrv.de | Fingerprint: F0:E2:2D:72:4B:B0:04:41:A2:85:35:4E:89:11:72:A4:78:20:56:DD | Validity: Tue, 20 Feb 2024 18:15:13 GMT - Fri, 17 Feb 2034 18:15:13 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /core/css/guest.css?v=e81e5730-196 HTTP/1.1
Host: 195.128.100.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: oc_sessionPassphrase=H0UJgzI2Kv9IHiZWc%2F2oqZeAoGreWN6W3ijP8k%2B%2F%2FWJlf4Wj1mkIHClAnIK0H1Oa3qfe8CLwEzS1ObTHFd6wqvlhIY7kdnbNXdEK6klVxBNMU6zVM%2FX%2FXDZHhsQ6KvVX; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oczncodcfj08=r3r3pddui9vpfevsf1k0tu7no5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:14:59 GMT
content-type: text/css
last-modified: Thu, 28 Mar 2024 06:54:44 GMT
vary: Accept-Encoding
etag: W/"66051434-4039"
expires: Mon, 21 Oct 2024 14:14:59 GMT
cache-control: max-age=15552000, public, max-age=15778463, immutable
content-encoding: gzip
X-Firefox-Spdy: h2
|
|