| 185.49.57.174/login/?next=/ | 185.49.57.174 | 200 OK | 4.4 kB |
URL: GET 185.49.57.174/login/?next=/ (user request) | IP: 185.49.57.174:0 | ASN: #197075 Active Network S.p.A.
File type: HTML document, Unicode text, UTF-8 text | MD5: 21aa8634e1c6b88af1b677bd02d90542 | SHA-1: a11f2361442b68c9507f588593f52dcf8d290233 | SHA-256: c733cd37e184b70ba6a805b878d99304f1f388b1e5f0c6cde72a4aff7e7fe642
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /login/?next=/ HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 10 May 2024 14:28:09 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie, Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv; expires=Fri, 09 May 2025 14:28:09 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Access-Control-Allow-Origin: *
Content-Encoding: gzip

| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js | 104.17.25.14 | 200 OK | 28 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js | IP: 104.17.25.14:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer Cloudflare, Inc.; subject sni.cloudflaressl.com; SHA-1 fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; valid Mon, 03 Jul 2023 00:00:00 GMT to Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | MD5: 00727d1d5d9c90f7de826f1a4a9cc632 | SHA-1: ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 | SHA-256: a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
GET /ajax/libs/jquery/3.6.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 27990
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "63091225-6d56"
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 237372
expires: Wed, 30 Apr 2025 14:28:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zgo5%2FiTdFowHF9L18EjLnJA23lScKLj%2BblxV0DdDlaImGGNxZK47a1R%2FVFp87tTRljjT%2BSSk3cVHIHUPk4j3VG19uUNTSSaa3Z6Fz3yEdF8%2BbVErmpKOUEaKJvQtB%2FwFPlW6iX%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881a9d39eb43569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 185.49.57.174/static/admin/css/base.css | 185.49.57.174 | 200 OK | 0 B |
URL: GET HTTP/1.1 185.49.57.174/static/admin/css/base.css | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
Empty body (the hashes below are those of zero-length input) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/admin/css/base.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7 | 185.49.57.174 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: Unicode text, UTF-8 text, with very long lines (6704) | MD5: 5cf87bfd9791e2a22b04b2b64d69b1fc | SHA-1: d3d1e21adae2a482c7549f9ea4ac66095bc4c43d | SHA-256: 924a69f069c4a942d8034d7d9f0770a0878f99cf35317e77dd7872299ec4360d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/css/themes/default/jquery-ui.theme.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 6760
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-1a68"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7 | 185.49.57.174 | 200 OK | 827 B |
URL: GET HTTP/1.1 185.49.57.174/static/jet/js/i18n/select2/en.js?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (741) | MD5: 428215a0b73730b85bf184312518195f | SHA-1: 9f77e56efbbc804af157d6d09c7a03d61c82a130 | SHA-256: 3e9801060ca5824599bc16a5e723454259f2fbdbccf0514c6db857fc46b97d25
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/js/i18n/select2/en.js?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: application/javascript
Content-Length: 827
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-33b"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css | 151.101.1.229 | 200 OK | 30 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css | IP: 151.101.1.229:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer GlobalSign nv-sa; subject jsdelivr.net; SHA-1 fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; valid Wed, 27 Sep 2023 18:13:13 GMT to Mon, 28 Oct 2024 18:13:12 GMT
File type: Unicode text, UTF-8 text, with very long lines (65305) | MD5: 025df1ec88740cad5ff14bb3380da6dd | SHA-1: 7abed070e37ce060c0a561575f1d41a7f248fc74 | SHA-256: 2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a
GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 14:28:09 GMT
age: 21996863
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
X-Firefox-Spdy: h2

| 185.49.57.174/jet/jsi18n/ | 185.49.57.174 | 200 OK | 3.2 kB |
URL: GET HTTP/1.1 185.49.57.174/jet/jsi18n/ | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: JavaScript source, ASCII text | MD5: 8191f018a5b4d36abed9f9f12d68ab76 | SHA-1: 71f879ad24d0cdfe8b324dd561b412adfaee35ff | SHA-256: c72942c566e907d892ed337f47c5a8c5c737aeb6242a16a79fb3ee3fe481ee11
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /jet/jsi18n/ HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/javascript; charset="utf-8"
Content-Length: 3195
Connection: keep-alive
Vary: Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Access-Control-Allow-Origin: *

| 185.49.57.174/static/core/css/branding.css | 185.49.57.174 | 404 Not Found | 935 B |
URL: GET HTTP/1.1 185.49.57.174/static/core/css/branding.css | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: HTML document, Unicode text, UTF-8 text | MD5: bcf7215e4ec2d853536a52eee3fe7378 | SHA-1: e4bf95d8913fb6c2d58b36c10da416cc06036e28 | SHA-256: 62b271bf773b3347320654e9623ad30e537f7dd867c7a2ddc9df5458e248647d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/core/css/branding.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

| cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js | 151.101.1.229 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js | IP: 151.101.1.229:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer GlobalSign nv-sa; subject jsdelivr.net; SHA-1 fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; valid Wed, 27 Sep 2023 18:13:13 GMT to Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65299) | MD5: d2b0d31f74e62440ea1a557f126d0c64 | SHA-1: 5c8f6cb983397deb65673b961a8657cfd6113ad9 | SHA-256: c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
GET /npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 14:28:09 GMT
age: 22680525
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24684
X-Firefox-Spdy: h2

| 185.49.57.174/static/jet/css/icons/style.css?v=1.0.7 | 185.49.57.174 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/css/icons/style.css?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
MD5: e8ef2f4d8f3be8c57a758ad8f3e31939 | SHA-1: a14fa5adac8d5baad261dd3342290087e6ec9c79 | SHA-256: 4e03b4ffc2d8d73af41a27272072137287c6a5cb1834035e7f29d24c2273f021
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/css/icons/style.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 2248
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-8c8"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/jet/css/themes/default/select2.theme.css?v=1.0.7 | 185.49.57.174 | 200 OK | 24 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/css/themes/default/select2.theme.css?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: Unicode text, UTF-8 text, with very long lines (23524) | MD5: c68d63911d3900528a9b08fa52cd22f8 | SHA-1: d2ae88877af7630c2b84a5bc6382a7504714c29c | SHA-256: 6c86e0940903a123e376a9faf4a31d3828b9d2edcae2ec36f4dc56be927a448f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/css/themes/default/select2.theme.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 23574
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-5c16"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/admin/css/login.css | 185.49.57.174 | 200 OK | 0 B |
URL: GET HTTP/1.1 185.49.57.174/static/admin/css/login.css | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
Empty body (the hashes below are those of zero-length input) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/admin/css/login.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/core/css/icons/style.css | 185.49.57.174 | 404 Not Found | 934 B |
URL: GET HTTP/1.1 185.49.57.174/static/core/css/icons/style.css | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: HTML document, Unicode text, UTF-8 text | MD5: 3731d53f23f42bd0460a1a30e7ec328b | SHA-1: 08a07e3475f061f6bce04ca76788e3314b2e1a10 | SHA-256: 605818201f357aed14f6d9ecabcaaeb83e5c81d902f8d1884a3468b9cc5db981
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/core/css/icons/style.css HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

| 185.49.57.174/static/jet/css/vendor.css?v=1.0.7 | 185.49.57.174 | 200 OK | 54 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/css/vendor.css?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: ASCII text, with very long lines (18448) | MD5: 7d4f84d287fa1cf2d9c216ea3ead39b8 | SHA-1: 0af5777874915a36448f3a4375d6265fa48729e0 | SHA-256: 02d705396f527c97895f24630c1e7aafaf8f39991870dd5c8b09488a7e1b03ee
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/css/vendor.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: text/css
Content-Length: 53889
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-d281"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/jet/css/themes/default/base.css?v=1.0.7 | 185.49.57.174 | 200 OK | 179 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/css/themes/default/base.css?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: Unicode text, UTF-8 text, with very long lines (65510), with no line terminators | Size: 179 kB (178687 bytes) | MD5: db6e12ea00ec86ff33cf240cfe75e856 | SHA-1: 0469c11644d71a46102b92e4bcf9ba1a4e3d0442 | SHA-256: 95e552e5cfc9296847d3468f235c10878c561f0115cae60d866150afa3f55a9c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/css/themes/default/base.css?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/css
Content-Length: 178687
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-2b9ff"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| 185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7 | 185.49.57.174 | 200 OK | 417 kB |
URL: GET HTTP/1.1 185.49.57.174/static/jet/js/build/bundle.min.js?v=1.0.7 | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (32006) | Size: 417 kB (417084 bytes) | MD5: 0e5d53505df5269cb8c5549b99cf9e38 | SHA-1: 41de0f549b34f119a3752a360556f735335659f2 | SHA-256: 4c5a8cd0757ee69aea77c2d648363ca1328502db1ae69a0857555f25bca2553c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static/jet/js/build/bundle.min.js?v=1.0.7 HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:09 GMT
Content-Type: application/javascript
Content-Length: 417084
Last-Modified: Wed, 01 May 2024 13:35:01 GMT
Connection: keep-alive
ETag: "66324505-65d3c"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

| fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2 | 216.58.207.227 | 200 OK | 14 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2 | IP: 216.58.207.227:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; SHA-1 fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; valid Tue, 16 Apr 2024 04:17:07 GMT to Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 13620, version 1.0 | MD5: fb9f3b92ba47a506c571a6cdc822ee33 | SHA-1: 603746b9b81c8687a95e1a5743ddb087c9b71b5a | SHA-256: a60cbbc3a467d154735820b68c3840319e675c0048dd2c10a8561e92263423c7
GET /s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfIA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 17:41:42 GMT
expires: Fri, 09 May 2025 17:41:42 GMT
cache-control: public, max-age=31536000
age: 74788
last-modified: Thu, 24 Aug 2023 20:50:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| kit.fontawesome.com/8a4fd2d672.js | 172.64.147.188 | 200 OK | 4.4 kB |
URL: GET HTTP/2 kit.fontawesome.com/8a4fd2d672.js | IP: 172.64.147.188:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer DigiCert Inc; subject *.fontawesome.com; SHA-1 fingerprint 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D; valid Mon, 04 Dec 2023 00:00:00 GMT to Fri, 03 Jan 2025 23:59:59 GMT
File type: gzip compressed data, from Unix | MD5: c5fe8716210953542dde1c8225b2fa2f | SHA-1: 6cfa6f1b783832f2f1094285b4273ba1cdcb0481 | SHA-256: a004b7026da8a7b4704a90096fd882cebfe97c41738b72cb68e32b0489514099
GET /8a4fd2d672.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:10 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8i6lw1cO1GtKr0BUjdB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 881a9d3a2b9c569b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
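
Audit of the captured headers, as an added example: this code is not part of the capture and is not a tool used by the scanner or by the site. The login response above is served over plain HTTP and carries X-Frame-Options: ALLOWALL, a value the header does not define (browsers act only on DENY and SAMEORIGIN and ignore anything else, so the page can be framed from any origin); Access-Control-Allow-Origin: * on an application page that also varies by Cookie; a csrftoken cookie set without Secure or HttpOnly (the latter is Django's default for this cookie); and a Server header naming nginx 1.18.0 on Ubuntu. The kit.fontawesome.com script was requested with Sec-Fetch-Mode: no-cors, which means its script tag carried no crossorigin attribute, so Subresource Integrity could not have applied to it; the cdnjs and jsdelivr loads were made in cors mode, which permits SRI but does not show it was used. The script parses the headers as captured (copied inline as sample input; the csrftoken value is shortened) and reports these points; the finding codes and audit rules are this example's own, not anything the page or Django defines.

```python
"""Audit captured browser-security headers for weak settings.

Added example for this capture; not a tool the page references. The
sample headers are copied from the login-page response and from two
third-party script requests above (csrftoken value shortened); the
audit rules and finding codes are this example's own.
"""
import re

# Constructed sample: response headers of http://185.49.57.174/login/?next=/
LOGIN_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=utf-8
Vary: Cookie, Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=Fuqx...NTv; expires=Fri, 09 May 2025 14:28:09 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Access-Control-Allow-Origin: *
"""

# Constructed sample: request headers of two script loads from the capture.
SCRIPT_REQUESTS = {
    "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js":
        "Sec-Fetch-Dest: script\nSec-Fetch-Mode: cors\nOrigin: http://185.49.57.174\n",
    "https://kit.fontawesome.com/8a4fd2d672.js":
        "Sec-Fetch-Dest: script\nSec-Fetch-Mode: no-cors\n",
}


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw header block into (lower-cased name, value) pairs.

    The status/request line is skipped; repeated names (Set-Cookie)
    are all kept, which a plain dict would silently collapse.
    """
    pairs = []
    for line in raw.splitlines():
        if line.startswith(("HTTP/", "GET ", "POST ")) or ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def _values(pairs, name):
    return [v for k, v in pairs if k == name]


def audit_response(raw: str, scheme: str) -> list[str]:
    """Return finding codes for one response; an empty list means nothing flagged."""
    findings = []
    hdrs = parse_headers(raw)
    if scheme != "https":
        findings.append("plaintext-http")
    # Browsers honour only DENY and SAMEORIGIN; any other value (ALLOWALL
    # included) is ignored, so the page can be framed by any origin.
    xfo = [v.upper() for v in _values(hdrs, "x-frame-options")]
    if not xfo or xfo[0] not in ("DENY", "SAMEORIGIN"):
        findings.append("framing-allowed")
    if "*" in _values(hdrs, "access-control-allow-origin"):
        findings.append("cors-wildcard")
    for cookie in _values(hdrs, "set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie-no-secure:{name}")
        if "httponly" not in attrs:
            findings.append(f"cookie-no-httponly:{name}")
    if any(re.search(r"\d+\.\d+", v) for v in _values(hdrs, "server")):
        findings.append("server-version-disclosed")
    # HSTS only matters on an https response; on http it is ignored anyway.
    if scheme == "https" and not _values(hdrs, "strict-transport-security"):
        findings.append("no-hsts")
    return findings


def scripts_without_crossorigin(requests: dict[str, str]) -> list[str]:
    """URLs of scripts fetched in no-cors mode.

    A <script> without a crossorigin attribute is fetched with
    Sec-Fetch-Mode: no-cors; Subresource Integrity needs the attribute
    for cross-origin scripts, so SRI cannot cover these loads.
    """
    hits = []
    for url, raw in requests.items():
        h = dict(parse_headers(raw))
        if h.get("sec-fetch-dest") == "script" and h.get("sec-fetch-mode") == "no-cors":
            hits.append(url)
    return hits


if __name__ == "__main__":
    for code in audit_response(LOGIN_RESPONSE, "http"):
        print("login page:", code)
    for url in scripts_without_crossorigin(SCRIPT_REQUESTS):
        print("no SRI possible:", url)
```

Run it as a script to print the findings for the login page; pass scheme="https" for a TLS capture so that the HSTS check applies. Treat cookie-no-httponly:csrftoken as informational: Django leaves the CSRF cookie readable by script by default, and on a plain-HTTP site a Secure flag could not be set meaningfully anyway, so the transport itself is the finding.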

| 185.49.57.174/favicon.ico | 185.49.57.174 | 302 Found | 0 B |
URL: GET HTTP/1.1 185.49.57.174/favicon.ico | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
Empty body (the hashes below are those of zero-length input) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: /login/?next=/favicon.ico
Expires: Fri, 10 May 2024 14:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Origin, Cookie
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Access-Control-Allow-Origin: *

| 185.49.57.174/login/?next=/favicon.ico | 185.49.57.174 | 200 OK | 4.5 kB |
URL: GET HTTP/1.1 185.49.57.174/login/?next=/favicon.ico | IP: 185.49.57.174:80 | ASN: #197075 Active Network S.p.A.
Requested by: http://185.49.57.174/login/?next=/
File type: HTML document, Unicode text, UTF-8 text | MD5: e3d94f9ea24a95ba2f2c25c101756ddc | SHA-1: d7af1bdbca16f78833fb77d6f03859f96164812a | SHA-256: b00e415d0dac50a939bfea7d91869822bde9ad15cb637ed55b55811b41e61efa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /login/?next=/favicon.ico HTTP/1.1
Host: 185.49.57.174
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.49.57.174/login/?next=/
DNT: 1
Connection: keep-alive
Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 14:28:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 10 May 2024 14:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie, Origin
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=Fuqxl6IgyuyEQOoHrrJzuehq8ht8Mk4jV890MfxHj3yuV4JBU5Yd303cMhOO6NTv; expires=Fri, 09 May 2025 14:28:10 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Access-Control-Allow-Origin: *
Content-Encoding: gzip

| ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8a4fd2d672 | 104.21.26.223 | 200 OK | 20 kB |
URL: GET HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8a4fd2d672 | IP: 104.21.26.223:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer Google Trust Services LLC; subject ka-f.fontawesome.com; SHA-1 fingerprint B7:87:04:20:5C:0E:FA:B1:92:D1:3B:91:3F:39:7C:48:5C:CB:01:EA; valid Fri, 03 May 2024 11:08:04 GMT to Thu, 01 Aug 2024 11:08:03 GMT
File type: gzip compressed data, from Unix | MD5: bf93864e92056a6159e0c635b701a7c8 | SHA-1: f664cfdcdd4db48f53b6efbe00c69b2a0793d1d4 | SHA-256: 3af2ab480976675f83ff471e002bf1469ba04bdaa2e609e01e69b2c2f7d33708
GET /releases/v5.15.4/css/free.min.css?token=8a4fd2d672 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://185.49.57.174
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:28:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Qoyc6tuxgS4Apo-zOMYObUYZd5JUHGIQWdXNNTCyy658YcT8JyXDaA==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npazJuICJehofB3FPxVi4TKYD6dBREqEfZwgogXUlO08liRvFEInkkgAJB9%2FvYxkZ7G3X8CGu6JdQD6ylOGB2AV8Z2Dzhfh%2F0acEJd5dN7IKkYm5G4asxCMher0DnHqzI6iwh%2F1teA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a9d3d0a6d568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?family=Comfortaa&display=swap | 142.250.74.74 | 200 OK | 2.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Comfortaa&display=swap | IP: 142.250.74.74:443
Requested by: http://185.49.57.174/login/?next=/ | Certificate: issuer Google Trust Services LLC; subject upload.video.google.com; SHA-1 fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; valid Tue, 16 Apr 2024 04:17:12 GMT to Tue, 09 Jul 2024 04:17:11 GMT
File type: ASCII text, with very long lines (2285), with no line terminators | MD5: 55cd6f7a220e59010cabb1d27a922828 | SHA-1: 43866418ed2db4cf603249e2ece96655125b0ad1 | SHA-256: 2088ff29995254692a038d0481d5ff6582a10facd87cad516b88aa1389406f75
GET /css?family=Comfortaa&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 14:28:10 GMT
date: Fri, 10 May 2024 14:28:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| jet.geex-arts.com/ping.gif | 82.146.57.49 | 200 OK | 42 B |
URL: GET HTTP/1.1 jet.geex-arts.com/ping.gif | IP: 82.146.57.49:80
Requested by: http://185.49.57.174/login/?next=/
File type: GIF image data, version 89a, 1 x 1 | MD5: d89746888da2d9510b64a9f031eaecd5 | SHA-1: d5fceb6532643d0d84ffe09c40c481ecdf59e15a | SHA-256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ping.gif HTTP/1.1
Host: jet.geex-arts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 14:24:01 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Thu, 24 Sep 2015 11:38:08 GMT
Connection: keep-alive
Accept-Ranges: bytes