Report - 185.49.57.174/login/?next=/

Report Overview

Submitted URL
185.49.57.174/login/?next=/
IP
185.49.57.174
ASN
#197075 Active Network S.p.A.
Submitted
2024-05-10 14:28:35
Access
public
Website Title
Log in
Final URL
185.49.57.174/login/?next=/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jet.geex-arts.com	unknown	2015-07-27	2017-04-15	2024-03-19	308 B	250 B	82.146.57.49
185.49.57.174	unknown	unknown	No data	No data	6.7 kB	702 kB	185.49.57.174
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	423 B	29 kB	104.17.25.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-09	877 B	57 kB	151.101.1.229
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	540 B	14 kB	216.58.207.227
kit.fontawesome.com	1868	2012-10-18	2019-12-16	2024-05-09	372 B	5.0 kB	172.64.147.188
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17	2024-05-09	436 B	21 kB	104.21.26.223
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	409 B	2.9 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed
2024-05-10	medium	185.49.57.174	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7	417 kB	2024-04-03	2024-05-14
Pretty URL 185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7 IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-03 03:59:08 Last Seen2024-05-14 14:09:53 Times Seen6 Hash 0e5d53505df5269cb8c5549b99cf9e38 41de0f549b34f119a3752a360556f735335659f2 4c5a8cd0757ee69aea77c2d648363ca1328502db1ae69a0857555f25bca2553c Loading...

	kit.fontawesome.com/8a4fd2d672.js	12 kB	2024-05-10	2024-05-14
Pretty URL kit.fontawesome.com/8a4fd2d672.js IP 172.64.147.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 16:28:41 Last Seen2024-05-14 14:09:53 Times Seen3 Hash 1c3f593cff53e25c8cbd38619a321043 9f371a5001227a7e0771674119d9651e0dd22a19 45b465c0d761e482d389c2b60614e223c4c9ac5f6c8f7e8c02c0bf559ae9ae90 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:27 Last Seen2024-05-20 20:34:47 Times Seen23991 Hash 00727d1d5d9c90f7de826f1a4a9cc632 ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js	80 kB	2023-03-08	2024-05-20
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:09 Last Seen2024-05-20 20:41:31 Times Seen1536 Hash d2b0d31f74e62440ea1a557f126d0c64 5c8f6cb983397deb65673b961a8657cfd6113ad9 c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00 Loading...

	185.49.57.174/login/?next=/	1.2 kB	2024-05-10	2024-05-14
Pretty URL 185.49.57.174/login/?next=/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 16:28:41 Last Seen2024-05-14 14:09:53 Times Seen2 Hash 017648f9669f83aa48be49a7d50f3d2a 352d08cd91422efb455b9a6b096ff24c343835e9 9d91111d126e0837154d2cfd2db98329fba0bb9de5235561143f0cdebe1d038d Loading...

	185.49.57.174/jet/jsi18n/	3.2 kB	2023-03-13	2024-05-14
Pretty URL 185.49.57.174/jet/jsi18n/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:18:43 Last Seen2024-05-14 14:09:53 Times Seen17 Hash 8191f018a5b4d36abed9f9f12d68ab76 71f879ad24d0cdfe8b324dd561b412adfaee35ff c72942c566e907d892ed337f47c5a8c5c737aeb6242a16a79fb3ee3fe481ee11 Loading...

	185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7	827 B	2023-03-07	2024-05-15
Pretty URL 185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7 IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:58 Last Seen2024-05-15 16:52:30 Times Seen93 Hash 428215a0b73730b85bf184312518195f 9f77e56efbbc804af157d6d09c7a03d61c82a130 3e9801060ca5824599bc16a5e723454259f2fbdbccf0514c6db857fc46b97d25 Loading...

	185.49.57.174/login/?next=/	1.3 kB	2024-05-10	2024-05-14
Pretty URL 185.49.57.174/login/?next=/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 16:28:41 Last Seen2024-05-14 14:09:53 Times Seen2 Hash 7b128813fae1cc74252354bf3c515ec9 a71e505104ecd14557114ef796373c1610890d0f b07809c5b7b80dc992cd864e46252cacbbfd1cd2ae56ffdc4d252cba3a8e84c3 Loading...

	185.49.57.174/login/?next=/	116 B	2023-03-09	2024-05-14
Pretty URL 185.49.57.174/login/?next=/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 01:58:48 Last Seen2024-05-14 14:09:53 Times Seen3 Hash 700dc6bf658e3a1d8e5cd4f22dd70ac3 dd6cd46315b1f7b0b359c17f35a5a785615b2e16 6396d7aa093d3a70b2768da85edcb2e6b08baebcb69895db505b1163700341bd Loading...

	185.49.57.174/login/?next=/	36 B	2024-05-10	2024-05-14
Pretty URL 185.49.57.174/login/?next=/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 16:28:41 Last Seen2024-05-14 14:09:53 Times Seen2 Hash 6b5b0a7c8f6816e1d75649f31102d428 bad8c1df5eb867a062717d0321f2425f38f4a192 854e5631b5363c2c6eb1587bae128cd0cdf87dd0f028fa4fa4b49ef029d143e5 Loading...

	185.49.57.174/login/?next=/	294 B	2024-05-10	2024-05-14
Pretty URL 185.49.57.174/login/?next=/ IP 185.49.57.174 ASN #197075 Active Network S.p.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 16:28:42 Last Seen2024-05-14 14:09:53 Times Seen2 Hash ca7d2a40fd98daad6c4d824fe666b6de a1e16a0bc1a5c547ddbdc12367ab9c6000309e0f 5fc51e1233cfc529a6ebffbf0afbc6f0cb419b46124b6f140821ea927d41bcf5 Loading...

HTTP Transactions (23)

URL IP Response Size

185.49.57.174/login/?next=/

185.49.57.174

4.4 kB

URL User Request GET
185.49.57.174/login/?next=/
IP
185.49.57.174:0
ASN
#197075 Active Network S.p.A.

File type
HTML document, Unicode text, UTF-8 text
Size
4.4 kB (4445 bytes)
Hash
21aa8634e1c6b88af1b677bd02d90542
a11f2361442b68c9507f588593f52dcf8d290233
c733cd37e184b70ba6a805b878d99304f1f388b1e5f0c6cde72a4aff7e7fe642

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/?next=/ HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 10 May 2024 14:28:09 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie, Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv; expires=Fri, 09 May 2025 14:28:09 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Access-Control-Allow-Origin: *
Content-Encoding: gzip

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27990 bytes)
Hash
00727d1d5d9c90f7de826f1a4a9cc632
ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

HTTP Headers

GET /ajax/libs/jquery/3.6.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 27990
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "63091225-6d56"
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 237372
expires: Wed, 30 Apr 2025 14:28:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zgo5%2FiTdFowHF9L18EjLnJA23lScKLj%2BblxV0DdDlaImGGNxZK47a1R%2FVFp87tTRljjT%2BSSk3cVHIHUPk4j3VG19uUNTSSaa3Z6Fz3yEdF8%2BbVErmpKOUEaKJvQtB%2FwFPlW6iX%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881a9d39eb43569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

185.49.57.174/static/admin/css/base.css

185.49.57.174

200 OK

0 B

URL GET HTTP/1.1
185.49.57.174/static/admin/css/base.css
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/base.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7

185.49.57.174

200 OK

6.8 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
Unicode text, UTF-8 text, with very long lines (6704)
Size
6.8 kB (6760 bytes)
Hash
5cf87bfd9791e2a22b04b2b64d69b1fc
d3d1e21adae2a482c7549f9ea4ac66095bc4c43d
924a69f069c4a942d8034d7d9f0770a0878f99cf35317e77dd7872299ec4360d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 6760
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-1a68"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7

185.49.57.174

200 OK

827 B

URL GET HTTP/1.1
185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (741)
Size
827 B (827 bytes)
Hash
428215a0b73730b85bf184312518195f
9f77e56efbbc804af157d6d09c7a03d61c82a130
3e9801060ca5824599bc16a5e723454259f2fbdbccf0514c6db857fc46b97d25

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/js/i18n/select2/en.js?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: application/javascript
Content-Length: 827
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-33b"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css

151.101.1.229

200 OK

30 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
30 kB (30336 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 14:28:09 GMT
age: 21996863
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
X-Firefox-Spdy: h2

185.49.57.174/jet/jsi18n/

185.49.57.174

200 OK

3.2 kB

URL GET HTTP/1.1
185.49.57.174/jet/jsi18n/
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
JavaScript source, ASCII text
Size
3.2 kB (3195 bytes)
Hash
8191f018a5b4d36abed9f9f12d68ab76
71f879ad24d0cdfe8b324dd561b412adfaee35ff
c72942c566e907d892ed337f47c5a8c5c737aeb6242a16a79fb3ee3fe481ee11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jet/jsi18n/ HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/javascript; charset="utf-8"
Content-Length: 3195
Connection: keep-alive
Vary: Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Access-Control-Allow-Origin: *

185.49.57.174/static/core/css/branding.css

185.49.57.174

404 Not Found

935 B

URL GET HTTP/1.1
185.49.57.174/static/core/css/branding.css
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
HTML document, Unicode text, UTF-8 text
Size
935 B (935 bytes)
Hash
bcf7215e4ec2d853536a52eee3fe7378
e4bf95d8913fb6c2d58b36c10da416cc06036e28
62b271bf773b3347320654e9623ad30e537f7dd867c7a2ddc9df5458e248647d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/core/css/branding.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js

151.101.1.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
25 kB (24684 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 14:28:09 GMT
age: 22680525
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24684
X-Firefox-Spdy: h2

185.49.57.174/static/jet/css/icons/style.css?v=1.0.7

185.49.57.174

200 OK

2.2 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/css/icons/style.css?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
ASCII text
Size
2.2 kB (2248 bytes)
Hash
e8ef2f4d8f3be8c57a758ad8f3e31939
a14fa5adac8d5baad261dd3342290087e6ec9c79
4e03b4ffc2d8d73af41a27272072137287c6a5cb1834035e7f29d24c2273f021

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/css/icons/style.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 2248
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-8c8"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/jet/css/themes/default/select2.theme.css?v=1.0.7

185.49.57.174

200 OK

24 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/css/themes/default/select2.theme.css?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
Unicode text, UTF-8 text, with very long lines (23524)
Size
24 kB (23574 bytes)
Hash
c68d63911d3900528a9b08fa52cd22f8
d2ae88877af7630c2b84a5bc6382a7504714c29c
6c86e0940903a123e376a9faf4a31d3828b9d2edcae2ec36f4dc56be927a448f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/css/themes/default/select2.theme.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 23574
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-5c16"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/admin/css/login.css

185.49.57.174

200 OK

0 B

URL GET HTTP/1.1
185.49.57.174/static/admin/css/login.css
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/login.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/core/css/icons/style.css

185.49.57.174

404 Not Found

934 B

URL GET HTTP/1.1
185.49.57.174/static/core/css/icons/style.css
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
HTML document, Unicode text, UTF-8 text
Size
934 B (934 bytes)
Hash
3731d53f23f42bd0460a1a30e7ec328b
08a07e3475f061f6bce04ca76788e3314b2e1a10
605818201f357aed14f6d9ecabcaaeb83e5c81d902f8d1884a3468b9cc5db981

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/core/css/icons/style.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

185.49.57.174/static/jet/css/vendor.css?v=1.0.7

185.49.57.174

200 OK

54 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/css/vendor.css?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
ASCII text, with very long lines (18448)
Size
54 kB (53889 bytes)
Hash
7d4f84d287fa1cf2d9c216ea3ead39b8
0af5777874915a36448f3a4375d6265fa48729e0
02d705396f527c97895f24630c1e7aafaf8f39991870dd5c8b09488a7e1b03ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/css/vendor.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 53889
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-d281"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/jet/css/themes/default/base.css?v=1.0.7

185.49.57.174

200 OK

179 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/css/themes/default/base.css?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
Unicode text, UTF-8 text, with very long lines (65510), with no line terminators
Size
179 kB (178687 bytes)
Hash
db6e12ea00ec86ff33cf240cfe75e856
0469c11644d71a46102b92e4bcf9ba1a4e3d0442
95e552e5cfc9296847d3468f235c10878c561f0115cae60d866150afa3f55a9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/css/themes/default/base.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/css
Content-Length: 178687
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-2b9ff"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7

185.49.57.174

200 OK

417 kB

URL GET HTTP/1.1
185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32006)
Size
417 kB (417084 bytes)
Hash
0e5d53505df5269cb8c5549b99cf9e38
41de0f549b34f119a3752a360556f735335659f2
4c5a8cd0757ee69aea77c2d648363ca1328502db1ae69a0857555f25bca2553c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jet/js/build/bundle.min.js?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: application/javascript
Content-Length: 417084
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-65d3c"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13620, version 1.0
Size
14 kB (13620 bytes)
Hash
fb9f3b92ba47a506c571a6cdc822ee33
603746b9b81c8687a95e1a5743ddb087c9b71b5a
a60cbbc3a467d154735820b68c3840319e675c0048dd2c10a8561e92263423c7

HTTP Headers

GET /s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 17:41:42 GMT
expires: Fri, 09 May 2025 17:41:42 GMT
cache-control: public, max-age=31536000
age: 74788
last-modified: Thu, 24 Aug 2023 20:50:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kit.fontawesome.com/8a4fd2d672.js

172.64.147.188

200 OK

4.4 kB

URL GET HTTP/2
kit.fontawesome.com/8a4fd2d672.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
4.4 kB (4394 bytes)
Hash
c5fe8716210953542dde1c8225b2fa2f
6cfa6f1b783832f2f1094285b4273ba1cdcb0481
a004b7026da8a7b4704a90096fd882cebfe97c41738b72cb68e32b0489514099

HTTP Headers

GET /8a4fd2d672.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:10 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8i6lw1cO1GtKr0BUjdB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 881a9d3a2b9c569b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

185.49.57.174/favicon.ico

185.49.57.174

302 Found

0 B

URL GET HTTP/1.1
185.49.57.174/favicon.ico
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: /login/?next=/favicon.ico
Expires: Fri, 10 May 2024 14:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Origin, Cookie
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Access-Control-Allow-Origin: *

185.49.57.174/login/?next=/favicon.ico

185.49.57.174

200 OK

4.5 kB

URL GET HTTP/1.1
185.49.57.174/login/?next=/favicon.ico
IP
185.49.57.174:80
ASN
#197075 Active Network S.p.A.

Requested by
http://185.49.57.174/login/?next=/

File type
HTML document, Unicode text, UTF-8 text
Size
4.5 kB (4462 bytes)
Hash
e3d94f9ea24a95ba2f2c25c101756ddc
d7af1bdbca16f78833fb77d6f03859f96164812a
b00e415d0dac50a939bfea7d91869822bde9ad15cb637ed55b55811b41e61efa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/?next=/favicon.ico HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 10 May 2024 14:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie, Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv; expires=Fri, 09 May 2025 14:28:10 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8a4fd2d672

104.21.26.223

200 OK

20 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8a4fd2d672
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintB7:87:04:20:5C:0E:FA:B1:92:D1:3B:91:3F:39:7C:48:5C:CB:01:EA
ValidityFri, 03 May 2024 11:08:04 GMT - Thu, 01 Aug 2024 11:08:03 GMT

File type
gzip compressed data, from Unix
Size
20 kB (19648 bytes)
Hash
bf93864e92056a6159e0c635b701a7c8
f664cfdcdd4db48f53b6efbe00c69b2a0793d1d4
3af2ab480976675f83ff471e002bf1469ba04bdaa2e609e01e69b2c2f7d33708

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=8a4fd2d672 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Qoyc6tuxgS4Apo-zOMYObUYZd5JUHGIQWdXNNTCyy658YcT8JyXDaA==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npazJuICJehofB3FPxVi4TKYD6dBREqEfZwgogXUlO08liRvFEInkkgAJB9%2FvYxkZ7G3X8CGu6JdQD6ylOGB2AV8Z2Dzhfh%2F0acEJd5dN7IKkYm5G4asxCMher0DnHqzI6iwh%2F1teA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a9d3d0a6d568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Comfortaa&display=swap

142.250.74.74

200 OK

2.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Comfortaa&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
http://185.49.57.174/login/?next=/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (2285), with no line terminators
Size
2.2 kB (2231 bytes)
Hash
55cd6f7a220e59010cabb1d27a922828
43866418ed2db4cf603249e2ece96655125b0ad1
2088ff29995254692a038d0481d5ff6582a10facd87cad516b88aa1389406f75

HTTP Headers

GET /css?family=Comfortaa&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 14:28:10 GMT
date: Fri, 10 May 2024 14:28:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jet.geex-arts.com/ping.gif

82.146.57.49

200 OK

42 B

URL GET HTTP/1.1
jet.geex-arts.com/ping.gif
IP
82.146.57.49:80
ASN
#29182 JSC IOT

Requested by
http://185.49.57.174/login/?next=/

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ping.gif HTTP/1.1
Host: jet.geex-arts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 14:24:01 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Thu, 24 Sep 2015 11:38:08 GMT
Connection: keep-alive
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML